FTC looks at mobile apps firms over child privacy concerns
By Cecilia Kang,
Hundreds of popular smartphone and tablet apps aimed at children are collecting personal data and sharing it without informing parents, a new federal study said Monday.
Developers of these software programs offered misleading privacy policies or buried their practices in fine print, the Federal Trade Commission found after testing 400 leading apps sold in the mobile stores run by Apple and Google.
The findings come ahead of a landmark vote at the FTC on new online child privacy rules that aim to curb companies from tracking pre-teens on mobile devices. The agency and the Obama administration have pushed for stronger protections for children who are spending more time than ever online, thanks largely to the proliferation of smartphones and tablets in homes and schools.
While current law puts strict limits on advertising to children in print or on television, it provides fuzzier guidance on mobile technology, which can be far more invasive. Tech companies, for instance, can instantaneously locate a user, track a person’s social-media habits or keep a record of every Web site visited.
Those kinds of data, however sensitive to parents,have allowed companies to target ads and develop programs for children with a kind of precision that wasn’t available just a few years ago. The push by the government to update child privacy rules has faced resistance from Silicon Valley giants, including Facebook, Apple and Google, as well as the companies developing mobile apps. While they agree that children should be afforded special protections, they also argue some of the proposals would stifle a nascent and innovative industry.
Still, the FTC said it would launch “multiple” investigations into mobile apps companies that may have violated laws on deceptive practices or the Children’s Online Privacy Protection Act, a 1998 law that public interest groups say badly needs an update. The agency declined to identify the names or the number of companies that it would target in its probes.
“Our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents,” FTC Chairman Jon Leibowitz said in a statement.
He added that app stores including Apple’s iTunes and Google Play should be scrutinized just as heavily as software developers. “All the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job,” Leibowitz said.
No technology has been adopted faster by consumers — especially youths — than mobile gadgets. A majority of teens are now toting their own smartphones around school hallways and malls, allowing tech companies and advertisers to target ads to the owners’ tastes when they access games, youth-oriented social networks or math apps. And even toddlers, some as young as 2, are finding their way around their parents devices to play nursery-rhyme programs or alphabet games, enabling developers of such software to study their behavior and aim yet more products at them.
In its report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” the FTC said that of particular concern is the collection of a user’s device ID, a string of letters and numbers that identifies each mobile device.
This identifier could be shared among many third parties, including ad networks and data analytics firms looking to create profiles on Internet users. A child’s use of multiple apps could be pieced together, allowing companies to create comprehensive portraits of children ages 12 and younger, the FTC report said.
The FTC is considering updating the law to define unique identifications and locations as personal information, so that companies would have to gain permission from parents before collecting and sharing that data.
Morgan Reed, executive director for the apps trade group the Association for Competitive Technology, acknowledged that apps developers fall short on explaining their data collection practices and how they use that information. But he warned that stricter rules won’t necessarily protect a child’s privacy.
“The problem is not lack of rules, but lack of education on both sides of discussion,” Reed said. “Consumers say they want privacy, but some of my developers say no one reads their privacy policies.”
The FTC also found 80 percent of the apps it tested didn’t offer any information about their privacy policies. Nearly 60 percent shared data about a user’s mobile device with other app developers and with third parties such as ad networks.
The agency added that nearly a quarter of apps linked users to social media sites but only 9 percent disclosed that. Beyond privacy concerns, the FTC found some apps were luring children to spend real dollars in fantasy games, without making it clear to parents what was going on.
The Center for Digital Democracy, a public interest group, said it would highlight the lack of regulation in the apps market in a complaint it plans to file Tuesday against the popular virtual-pet game Mobbles.
In its complaint to the FTC, the group plans to allege that when children collect, dress up, and share the toothy, animated Mobbles creatures with their friends, the program collects e-mail addresses, home addresses, locations and other sensitive information without getting permission from parents.
Mobbles, which was launched in May, is rated for ages 4 and older on Apple devices and is promoted widely to owners of Android phones. It is backed by U.S. Venture Partners, an investor group in Silicon Valley, the center said. The firm said Monday that it would take its app off iTunes and Google Play until these issues are addressed.
“We will always do what we believe is best for our users in the long term, and we thank you, our loyal and valued users, for your understanding,” Alexandre Curtelin, co-founder of Mobbles Corp., said in an e-mail statement.