Pixalate’s Q2 2025 Report Uncovers 240 US-Registered Mobile Apps Across Apple, Google App Stores Likely Violating COPPA, Jeopardizing Up to 15 Million Children’s Privacy Rights

According to new research from Pixalate, 88% of likely child-directed apps with ads share personal information in the advertising bid stream; 191 apps failed to provide the requisite ‘children’s privacy’ disclosure as specified under the COPPA Rule

LONDON, August 14, 2025 – Pixalate, the global market-leading ad fraud protection, privacy, and compliance analytics platform, today released the Q2 2025 State Of Children’s Privacy On Mobile Apps Report, part of its COPPA Violation Risks in Mobile Apps series.

The analysis reveals significant privacy gaps found in mobile apps available to download on Google Play Store and Apple App Store, potentially violating the Children’s Online Privacy Protection Act (COPPA)  by unlawfully collecting, using and sharing children’s personal information in the advertising bid stream.

Pixalate’s data science and legal teams evaluated 24,561 mobile apps classified as likely child-directed pursuant to Pixalate’s COPPA Methodology, and identified 240 U.S.-registered, advertising-enabled apps (e.g., with app-ads.txt, open programmatic ad traffic) that are likely violating COPPA, placing the online privacy and safety of up to 15 million lifetime app users– majority likely children–in jeopardy.

Key Findings Raise Concerns About Children’s Data Privacy

• Privacy Policy Deficiencies. 191 (80%) of 240 covered apps that are likely violating COPPA failed to provide adequate disclosures regarding their collection, processing, or use of children’s personal information 
• Data Transmission Practices. 15 (88%) out of 17 likely child-directed covered apps that did not have privacy notices/policies and transmitted children’s Device IDs in the advertising bid stream, as measured by Pixalate
• Platform Distribution. 240 U.S.-registered apps that are likely non-compliant under COPPA across the Google Play and Apple App Store have collectively accumulated  over 15 million Lifetime App Users
• Advertising Network Integrations. Google Ad Exchange appeared in the app-ads.txt files of 200 (83%) covered apps identified as likely non-compliant under COPPA

Understanding COPPA and Children’s Personal Information

The COPPA Rule regulates the online collection of personal information from children under 13 years old. Under COPPA guidelines, personal information encompasses individually identifiable data collected online, including:

• Location 
• Home or other physical address 
• Contact information and security numbers
• Persistent identifiers such as IP addresses and device identifiers
• Photographs, videos, or audio recordings containing a child’s voice or image.
  
  

Top 5 US-Registered Likely Non-Compliant Mobile Apps under COPPA - Apple App Store

Top 5 US-Registered Likely Non-Compliant Mobile Apps under COPPA - Google Play Store

Methodology

Pixalate’s data science and legal teams analyzed 24,561 mobile devices using the following criteria:

1. Platform Availability. Apps downloadable from the Google Play Store and the Apple App Store during Q2 2025 
2. Classification. Apps identified as likely child-directed, determined by  Pixalate’s COPPA Methodology
3. Advertising Integration. Apps with programmatic advertising traffic impressions targeted towards consumers within the United States. Apps with ads may also contain app-ads.txt files as detected by Pixalate’s technology or one of Pixalate’s third-party licensors
4. Policy Analysis. Privacy policies were primarily crawled during Q2 2025 96%), while Pixalate crawled the remaining 4% of apps during Q1 2025

For the complete list and the methodology, download the report here:

*References to ‘without a privacy policy/policies’ or ‘no detected/detectable privacy policy/policies’ imply that Pixalate’s proprietary systems were unable to detect or identify a purported privacy policy/notice URL at the time of crawling the App Stores pursuant to Pixalate’s proprietary privacy policy detection and classification system. Based on Pixalate’s methodology and analysis, all of the identified apps generally exhibit characteristics aligned with the child-directed factors under the COPPA Rule, suggesting that these apps likely appeal to, or may predominantly be used by, children.

**References to advertising-enabled mobile apps, or apps with ads are those that have open programmatic advertising traffic, with ad impressions targeted towards United States based consumers at the time of crawling.

To learn more, please review the report’s methodology.

About Pixalate

Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT).  pixalate.com

Disclaimer

The content of this press release, and the Q2 2025 State of Children’s Privacy on Mobile Apps Report (the ‘report’) - including all content set forth herein, reflect Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry, inclusive of advertisers, advertising technology companies, developers of mobile applications, professional advisors, non-governmental entities, and regulators.  Pixalate is sharing this report’s data–and opinions relating thereto–not to impugn the standing or reputation of any entity, person, or app, but, instead, to report opinions and suggest trends pertaining certain apps available for download via the Apple App Store & Google Play Store during the time period studied. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees.

It is important to note that the mere fact that an app appears to be directed to children or is deemed likely child-directed (e.g., data subjects under 13 years of age, as defined by COPPA), does not mean that any such app, or its operator, is failing to comply with COPPA. Further, with respect to apps that appear to be directed to children and have characteristics that, in Pixalate’s opinion, may trigger related privacy obligations and/or risk, such assertions reflect Pixalate’s opinions (i.e., they are neither facts nor guarantees); and, although Pixalate’s methodologies used to render such opinions are derived from automated processing, which at times is coupled with human intervention, no assurances can be – or are – given by Pixalate with respect to the accuracy of any such opinions.