Pixalate Introduces Apple & Google App Store Watchdog Database (KYD); Children's Online Safety Ratings For Parents, Schools to Flag Developers Sharing Precise Geolocation or Lacking Parental Consent

Updated monthly, Pixalate’s free KYD database rates 356,095 ad-funded app developers and finds 33% can collect precise geolocation data; 99% of advisory board tested child-directed apps fail to obtain legally required verifiable parental consent under COPPA. KYD results accessible through AI prompts via tools like ChatGPT

London, February 10, 2026 – Pixalate, an ad fraud and digital safety watchdog recognized by UNICEF as a “key innovator” for children’s online privacy, today launched Know Your Developer (KYD), a free, public, and continuously updated database to help parents, schools, and child safety advocates identify privacy and safety risks among mobile app developers from the Apple App Store and Google Play Store.

KYD evaluates 356,095 ad-funded mobile app developers, including 86,028 operating at least one child-directed app, for online child safety, privacy compliance, and advertising fraud risk.

KYD Database Fills Gap Left by Google and Apple

Crucially, the KYD database corrects the record where app store “Data Safety” labels fail. Pixalate found that self-reported safety labels frequently contradict actual data practices, creating a false sense of security for parents.

For example, in the Google Play Store, Pixalate observed multiple popular apps claiming "No data collected" or "No data shared" while simultaneously transmitting precise location data to third parties:

* Failure to obtain Parental Consent, risking violations under the Children’s Online Privacy Protection Act (COPPA) according to a manual review conducted by Pixalate’s Trust & Safety Advisory Board, as of December 2025

** Data broadcast to third parties via the RTB ad bid stream, as observed by Pixalate.

Pixalate's research found 62% of ad-funded app developers have apps with child privacy and online safety vulnerabilities as of December 2025. The KYD database establishes ongoing, independent oversight across seven categories:

• 24,124 developers share PRECISE GEOLOCATION COORDINATES with third parties, including data brokers, in the advertising bid stream and have app permissions that allow them to track users’ precise location, according to Pixalate’s Q4 2025 observations. A total of 118,049 (33%) can track precise location through app permissions, potentially exposing children to precise surveillance.
• 99% failure rate in VERIFIABLE PARENTAL CONSENT (VPC) sample testing. Of the 3,936 top ad-funded child-directed apps downloaded and tested by Pixalate’s Trust and Safety Advisory Board, 3,907 (99%) failed to obtain VPC.
• 195,342 developers are rated “Critical” for BANNED APPS risk. This indicates that 55% of developers who run ad traffic on apps that have been delisted or banned from app stores have had all of their apps removed from mobile app stores, or have significant portions of their lifetime user base on delisted apps.
• 20,796 developers were rated “Critical” for UNSAFE ADVERTISING risk. These developers are linked to invalid traffic or advertising fraud indicators - a signal of low-quality or non-human ad activity that increases the risk of data sharing with undisclosed third parties. Pixalate is accredited by the Media Rating Council (MRC) for ad fraud detection.
• 10,198 developers were rated “Critical” for APP SECURITY risk. This indicates developers who have not provided security updates to apps used by a significant user base in three or more years.
• 7,222 developers fail to post a PRIVACY POLICY. These developers did not have accessible privacy policies, as required by both COPPA and the Apple and Google app stores.
• 1,535 developers rated “Critical” for ANONYMOUS OWNERS risk. By using hidden domain registrations or shell conglomerates, these anonymous developers can evade accountability and make it difficult for parents to know who is behind the screen.

“Parents downloading a cartoon app for their 5-year-old have no idea they're handing their child's location data to be broadcast to the entire ad ecosystem,” said Jalal Nasir, CEO at Pixalate. “In an environment where children's location data can end up in the hands of data brokers, this information gap is unconscionable.”

Pixalate’s Trust & Safety Advisory Board, composed of teachers, parents, and lawyers, manually reviews mobile apps to determine the intended audience and assess key privacy compliance features, including parental consent mechanisms. This rigorous human-centered approach ensures these findings are fed directly into the KYD database.

What Google & Apple App Stores Do Not Disclose

When parents search app stores, they see individual app ratings. Parents and school administrators cannot easily access developers’:

• History of app store violations
• COPPA (Children’s Online Privacy Protection Act) or child privacy violation patterns
• Precise location tracking potential across developer portfolios
• Data sharing risk with undisclosed third parties (including via fraudulent advertising transactions)

“I have no idea what is in a developer’s portfolio when my child downloads an app,” said Caitlin Burke, a parent from New York City. “The app store shows me star ratings, but nothing about the developer's track record or whether they've violated privacy rules before. I need help navigating online safety, and the app stores aren't providing it.”

Currently, Apple and Google are lobbying Congress to limit platform accountability and are shifting the burden on parents or guardians to mitigate risks in their children's app usage. In December 2025, Apple CEO Tim Cook met with lawmakers to oppose the App Store Accountability Act – a federal bill proposing that online platforms (such as Apple and Google) conduct additional compliance checks of app developers and also require platforms to verify users' ages and share that information with mobile app developers.

Pixalate’s research exposes a structural 'handoff gap' where child-safety signals from Apple and Google fail to reach developers. Consequently, many mixed- and child-directed apps default to treating children as adults, broadcasting personal data to the advertising bidstream that enables device fingerprinting and the creation of persistent tracking profiles on minors.

Data Built for U.S. Parents, K-12 Schools, & Child Safety Advocates

The KYD data is structured to be accessible via Large Language Models (LLMs), such as OpenAI’s ChatGPT, allowing parents and admins to get instant answers via prompts.

For Parents

Before downloading any app, parents can use KYD to:

• See each app developer’s overall risk to online child safety
• Check if the app developer has removed apps or hidden their identity
• See if the developer’s apps request to track location
• Verify if the developer has privacy policies and parental consent mechanisms

For Schools and Educators

Schools recommending or approving apps for classroom use can use KYD to:

• Vet developers before allowing apps on school devices
• Identify developers with poor safety track records
• Avoid apps from developers that may violate privacy regulations
  
  

AI Prompt Example: “Is [Developer Name] flagged for children’s online safety risks in the Pixalate KYD database?”

How to Access KYD: Free and Updated Monthly

The Pixalate Know Your Developer (KYD) database is free and now open to the public. AI access is currently available via Pixalate’s custom tool within ChatGPT.

About Pixalate

Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012 and recognized by UNICEF as a “key innovator” for children’s online privacy, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). pixalate.com

Disclaimer

The contents of this press release, and the Know Your Developer Safety Ratings (collectively, the "KYD"), reflect Pixalate's opinions with respect to factors that Pixalate believes may be useful to parents, guardians, educators, regulators, researchers and participants in the digital media industry. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements, affiliations, or associations with any third-parties. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report research findings and trends pertaining to the time period studied.

It is important to note however, that classification of a mobile application developer (“app developer”) within a particular risk tier does not mean that the app developer, its applications, or any associated practices are in violation of any laws or regulations, including the Children’s Online Privacy Protection Act (COPPA) or any other global privacy framework. Further, the app(s) of an app developer(s) that appear(s) to be directed to children (e.g., users under 13 years of age, as defined by the COPPA Rule) does not mean that any such app, or its operator, is failing to comply with the COPPA Rule.

Pixalate’s determinations are based on a proprietary methodology that incorporates a combination of signals and automated processes. Additionally, with respect to app developers that appear to have characteristics that, in Pixalate’s opinion, may trigger related privacy law or regulatory compliance obligations and/or risk, such assertions reflect Pixalate’s opinions (i.e., they are neither facts nor guarantees). While Pixalate endeavours to apply rigorous standards in compiling the KYD, no assurances or guarantees can be, or are, made as to the accuracy or completeness of any classification. The KYD–including all content set forth herein–constitutes Pixalate “Materials” under Pixalate’s Terms of Use, and is licensed subject to–and conditioned expressly upon–compliance with each of the applicable terms and conditions of such Pixalate Terms of Use. Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”.