According to Pixalate’s latest legal investigation, 253 Google Play & Apple App Stores-hosted Child-Accessible mobile apps with ads are likely non-compliant under the EU & UK GDPR; over 95% (245) of the identified apps are transmitting unlawfully obtained personal data–including Device ID and Location data– in the advertising bid stream
LONDON, August 29, 2025 -- Pixalate, the leading global ad fraud protection, privacy, and compliance analytics platform, today released the Q2 2025 GDPR-K & UK Children’s Code Privacy Violations in Mobile Apps Report, part of Pixalate’s series on European Users’ Privacy Rights.
The report exclusively examines Child-Accessible* apps across the Google Play & Apple App Store that are EU & UK registered and likely violate several provisions and standards under the General Data Protection Regulation (GDPR) and UK Children’s Code. Key potential violations include transmission of unlawfully obtained personal data in the advertising bid stream, no disclosures on how children’s personal data is processed, omitting mandatory information concerning data subject rights and failure to provide apps’ contact information within privacy notices/policies.
The following key findings highlight significant data privacy failures determined by Pixalate’s legal research and data science teams within 253 EU and UK-registered Child-Accessible mobile apps with ads**:
Essential privacy practices, particularly those concerning children, are still being neglected by app developers, causing illegally-obtained personal data to be exposed in the digital advertising supply chain,” said Yusra Kayani, Director and Privacy Legal Counsel at Pixalate. “Pixalate’s investigation exposes these privacy failures in the European app market and calls for stronger safeguards, with regulators urged to give this privacy gap the attention it deserves.”
The report further reveals a failure in safeguarding children's privacy due to the widespread absence of effective parental consent mechanisms.
| Rank | App | Developer | Developer Country | Est. Lifetime App Users (EU+UK) |
| 1 | Zombie Tsunami | Mobigame SAS | FRANCE | 16.8M |
| 2 | Akinator | Elokence SAS | FRANCE | 14.9M |
| 3 | 4 Fotos 1 Palabra | Lotum GmbH | GERMANY | 5.6M |
| 4 | 4 Pics 1 Word | Lotum GmbH | GERMANY | 5.4M |
| 5 | European Truck Simulator | Ovidiu Pop | ROMANIA | 5.1M |
| 6 | Checkers Online | CC Games | POLAND | 4.7M |
| 7 | Coach Bus Simulator | Ovidiu Pop | ROMANIA | 3.3M |
| 8 | TopSpeed: Drag & Fast Racing | T-Bull S A | POLAND | 3.1M |
| 9 | Moto Rider GO: Highway Traffic | T-Bull S A | POLAND | 3.0M |
| 10 | Thief Puzzle: to pass a level | TapNation | FRANCE | 2.4M |
| Rank | App | Developer | Developer Country | Est. Lifetime App Users (EU+UK) |
| 1 | Akinator | Elokence.com | FRANCE | 1.4M |
| 2 | Thief Puzzle: Brain Games | TapNation | FRANCE | 1.1M |
| 3 | Guess Their Answer | TapNation | FRANCE | 359K |
| 4 | 4 Pics 1 Word | LOTUM GmbH | GERMANY | 332K |
| 5 | BFF Friendship Test - Quiz | DH3 Games Ltd | IRELAND | 277K |
| 6 | Driving School Simulator | Alexandru Marusac | ROMANIA | 222K |
| 7 | Doll Dress Up: Makeup Games | TapNation | FRANCE | 218K |
| 8 | Save My Doggy - Dog Rescue | TapNation | FRANCE | 190K |
| 9 | Food Match 3D: Tile Puzzle | Masal Games Oyun Yazilim ve Teknoloji Anonim Sirketi | UNITED KINGDOM | 151K |
| 10 | Bubble Explode - pop puzzle | Spooky House Studios UG (haftungsbeschraenkt) | GERMANY | 137K |
To compile this research, Pixalate data science and legal teams analyzed 15,417 mobile apps that were determined to be Child-Accessible and ad-enabled, followed by applying a GDPR Applicability Threshold**** to assess apps that were:
For the complete list and the methodology, download the report here:
*Child-Accessible Assessment Criteria: In this report, “Child-Accessible,” denotes the scope applicability of GDPR Art 8(1) & UK Children’s Code concerning mobile apps. Please review the Report’s methodology to learn more about how Pixalate’s Child-Accessible assessment criteria determines whether an app is likely accessible to children.
**Apps with ads: Apps with ads are defined as those having programmatic ad traffic targeted towards users based in EU+UK. These may also include apps with app-ads.txt files detected. See the Report’s Methodology for more information.
***Lifetime App Users: Lifetime App Users refers to Pixalate’s estimated total number of users who have installed (downloaded) each of the identified mobile apps without privacy policies on their device(s) since the apps’ initial launch within the respective app store. See the Report’s Methodology for more information.
****GDPR Applicability Threshold: Pixalate applies a GDPR-focused assessment criteria to determine whether a mobile app falls within scope of the GDPR and its respective obligations. To learn more about this assessment, please review the Report’s methodology for more information.
About Pixalate
Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). pixalate.com
Disclaimer
The content of this press release, and the Q2 2025 GDPR-K & UK Children’s Code Privacy Violations in Mobile Apps Report (the "Report"), reflect Pixalate's opinions with respect to factors that Pixalate believes can be useful to the digital media industry. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to privacy and information security practices and compliance across mobile apps in the time period studied.
Statement regarding applicability of the General Data Protection Regulation (GDPR) & UK Children’s Code
Pixalate's opinions regarding possible applicability of, legal obligations under, and compliance with the GDPR & UK Children’s Code are for informational purposes only, and are not offered as legal advice. Nothing in this report: (i) is intended to constitute professional and/or legal advice; (ii) actually constitutes professional and/or legal advice; or (iii) sets forth a comprehensive or complete statement of the matters discussed or the law relating thereto.