23% of Top US Child-Directed Mobile Apps in the Google and Apple App Stores Likely Breach COPPA Privacy Disclosure Obligations: Pixalate’s Q1 2023 Children’s Privacy Risk Report

New research indicates that 23% of the top 859 U.S.-registered likely child-directed mobile apps manually reviewed across the Google Play Store and Apple App Store likely breach COPPA’s online privacy policy provision  (16 C.F.R. § 312.4 (d))

LONDON, July 10, 2023 -- Pixalate, the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV) and Mobile Advertising, today released the Q1 2023 Children’s Privacy Risk Report for Mobile Apps. The report is part of Pixalate’s Privacy Disclosure & Compliance Series and features a comprehensive analysis of privacy policies across nearly 1,000 popular U.S.-registered likely child-directed mobile apps in the Apple App Store and Google Play Store.

Pixalate evaluated child-directed apps and their potential threat to the privacy of children online, focusing on U.S.-registered apps that collect, use, or disclose personal information which would trigger privacy practices disclosure obligations under the COPPA Rule.

The apps were manually reviewed by the educators on Pixalate’s Trust & Safety Advisory Board to determine their likely intended audience. A total of 935 U.S.-registered apps active in Q1 2023 were reviewed, 859 of which are likely subject to the COPPA Rule.

Key Findings:

• 193 (23%) of the 859 U.S.-registered apps likely subject to COPPA in the Google Play Store and Apple App Store were found likely non-compliant with COPPA’s disclosure obligations.
• 4% (33) failed to comply with COPPA’s online notice provision by not posting a privacy policy.
• 22% of Google and 13% of Apple apps with a privacy policy did not meet the disclosure obligations of COPPA.
• 17% of apps that collect data about children either had no privacy policy (33) or did not include a privacy policy disclosure describing how they handle children’s data within its privacy policy (110), likely violating the COPPA Rule.

“We continue to be surprised that the standards for apps in the Google Play Store and Apple App Store are not markedly higher for child-directed apps,” said Allison Lefrak, SVP of Public Policy, Ads Privacy and COPPA Compliance at Pixalate. “With nearly one-quarter of the most popular U.S.-registered mobile apps likely in breach of COPPA’s requirements related to online privacy policies, the mobile app stores need to act as responsible gatekeepers and remove developers that are failing to be transparent with parents about their data collection practices.”

More about Pixalate’s Privacy Compliance Methodology:

COPPA requires operators of apps that collect, use, or disclose personal information from children to post an online privacy policy. To be COPPA compliant, the privacy policy must disclose (16 C.F.R. § 312.4 (d) (1-3): 

• The name, address, telephone number, and email address of all operators collecting or maintaining personal information through the app;
• A description of what information the operator collects from children, including whether the operator enables children to make their personal information publicly available, how the operator uses such information, and the operator’s disclosure practices for such information; 
• The procedures by which a parent can review or have deleted the child’s personal information and refuse to permit its further collection or use. 

For Pixalate’s technology to deem an app as likely non-compliant with the COPPA Rule, one or more of the following deficiencies must have been identified:

• No privacy policy URL detected in app store.
• A URL was detected in the app store, but it did not actually point to a privacy policy.
• A privacy policy was detected but it did not meet the COPPA Rule’s disclosure obligations, according to Pixalate’s analysis. 

Download Pixalate’s Q1 2023 Children’s Privacy Risk Report for Mobile Apps, and visit Pixalate’s COPPA Compliance Tools Methodology to learn more about the child-directed assessment for mobile apps in the Google Play and Apple App Stores.

About Pixalate

Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV) and Mobile Advertising. We work 24/7 to guard your reputation and grow your media value. Pixalate offers the only system of coordinated solutions across display, app, video, and CTV for better detection and elimination of ad fraud. Pixalate is an MRC-accredited service for the detection and filtration of sophisticated invalid traffic (SIVT) across desktop and mobile web, mobile in-app, and CTV advertising. www.pixalate.com

Disclaimer

The content of this press release, and the Q1 2023 Children’s Privacy Risk Report for Mobile Apps (the "Report"), reflect Pixalate's opinions with respect to factors that Pixalate believes can be useful to the digital media industry. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to privacy and information security practices and compliance across mobile apps in the time period studied.