FTC Investigating Mobile App Companies Over Kids' Data Collection

Releases study finding little or no progress in providing info on use and sharing of information

By John Eggerton -- Broadcasting & Cable, 12/10/2012 12:20:15 PM

The Federal Trade Commission said Monday that it is launching investigations of companies employing kids' mobile apps to see if their policies have violated the FTC Act's prohibitions on unfair and deceptive practices or the Children's Online Privacy Protection Act (COPPA).

Jessica Rich, associate director, FTC Division of Financial Practices, would not say which companies those were, or how many.

The announcement of the investigations came in a press conference announcing the results of a second FTC survey that found that app stores and creators were not providing sufficient information and notice about what information the apps were collecting, how it was being used, and with whom it was being shared. That included interactive elements that allowed kids' info to be shared or offered them products to buy.

The survey prompted the follow-up investigations to see if any of the practices uncovered in the study actually violated any laws and required enforcement actions.

"The results of the survey are disappointing," the report concludes. "Industry appears to have made little or no progress in improving its disclosures since the first kids' app survey was conducted, and the new survey confirms that undisclosed sharing is occurring on a frequent basis."

Rich said the report should light a fire under app developers and stores' efforts to provide more and better info. That includes the multistakeholder meetings involving FTC, the National Telecommunications & Information Administration and industry are holding to try and come up with voluntary codes of mobile app privacy conduct per an administration initiative to establish a privacy bill of rights.

The FTC report was a follow-up to a February report that was similarly critical, and Rich suggested it showed no improvement. She said the FTC was planning a third report and said the second report should "light a fire" under the industry to do a better job of informing parents before the third report was conducted.

Asked whether any actual harm had resulted from the app practices identified in the report, Rich said that kids received ads that was not disclosed to parents, "which many parents don't like," and added there was "potential" for "great privacy concerns." Among those were the sharing of phone numbers, geolocation information and device IDs, all of which could be used to build extensive online profiles.

The FTC is expected soon to adopt changes to its enforcement of COPPA that would include geolocation and personal identifiers as covered under the act.

The study was based on a random selection of 200 apps from a list of the top 480 apps from each of the two app stores, Apple and Google Play (formerly Android).

Among the findings in the study, tabbed "Mobile Apps for Kids: Disclosures Still Not Making the Grade":

Nearly 60% of the apps transmitted device IDs to the app developer, ad networks, analytics firms or other third parties.
Only a fifth of the apps disclosed any information on their privacy practices.
58% of the apps contained advertising, while only 15% indicated that would be the case before download.
22% of the apps had links to social networks, while only 9% disclosed that fact.
17% contained ability to purchase virtual goods at prices up to $30. "Although both stores provided certain indicators when an app contains in-app purchasing capabilities," the study found, "these indicators are not always prominent and, even if noticed, may be hard for many parents to understand."

"This report reveals widespread disregard for children's privacy rules," said American University professor Kathryn Montgomery, who was instrumental in original children's online privacy protection legislation. "In the rapidly growing children's mobile market, companies are seizing on new ways to target children, unleashing a growing arsenal of interactive techniques, including geo-location and use of personal contact data.  It is clear that there is an urgent need for the FTC to update its COPPA regulations and to engage in ongoing enforcement."

CTIA: The Wireless Association suggested that there were privacy policies out there to be reviewed by parents and kids.

"While we have not had sufficient time to review the entire FTC report, CTIA reaffirms its members' commitment to honoring and respecting consumers' privacy and offering them a variety of safeguards. Those include numerous built-in security features and the ability to better understand how to manage their information that's shared through wireless devices and services.

"As the wireless industry remains dedicated to ensuring users' privacy, it's important that wireless users, especially parents and children, talk with each other about how wireless devices are being used, what information is being accessed on them and to make themselves aware of the privacy policies made available by wireless service providers, social networks and apps. Families should also create appropriate rules for children's use of wireless devices and services. Our website, GrowingWireless.com, can be a helpful resource for parents and children to know how to be responsible and safe wireless users."