Who Are They?
If you think we’re talking about your neighbor or some creep hanging around the bus stop, you’re wrong. You don’t know these people, but boy, do they know your kids.
They know your child’s location and can get access to a webcam. Once they have information about your child, they share it. They could be in any country in the world. All they need is for you or your child to download their app. Child-directed apps are gathering data on your kids.
What are Child-Directed Apps?
Pretty obvious, they are mobile apps designed to appeal to children. According to the Washington Post: “By the time your child is 13, online advertising firms hold an average of 72 million data points about them.” How is that possible?
The current US law allegedly protects children under 13 from being tracked online. The Children’s Online Privacy Protection Act (“COPPA”) has been revised twice and is currently being reviewed for the third time. COPPA applies to websites as well as mobile apps. But it’s apparent, the law does not effectively protect children.
Look at the Apps
One of the first issues with COPPA and apps is that a device’s IP address is not explicitly considered Personal Information. It’s somewhat laughable. An IP address will tell you the city and zip code of the user as well as their internet provider.
So if someone is tracking your kids, a legally accessible IP address is a good first start. But that’s the least of it. According to a study by Pixelate, there are 397,000 child-directed apps in Play Store and App Store. That’s roughly 8% of the apps on either platform.
(Read the entire pixelate study)
It should be noted that both Google and Apple dispute the results of the study, claiming there are problems with the methodology or bias in the research.
Apps on either store must identify their audience age range. But that has nothing to do with COPPA. Instead, it’s a content rating system – kind of like movies, G, PG-13, or R. While following those guidelines may keep your kids away from violent or sexual content, they don’t protect them from being tracked.
In 2014, app developer TinyCo was asking children who played Tiny Pets or Tiny Zoo for email accounts and social media info in exchange for game points and prizes. Though they were fined by the FTC, it’s unclear how much data they collected and dispersed.
Identifying Trackers on Apps
Some apps will be filtered into an age-range search for children’s apps by the store. As a result, a parent might assume the app is safe for kids under a certain age. But it’s not.
If the app itself doesn’t state an age range so, despite its obvious appeal to children, it collects and shares PI on the user. Pixel Art by Easy Brain, was identified by the Washington Post as one of those developers.
Many app makers say they’re only required to stop collecting data or get parental consent if they have “actual knowledge” their users are children. Without it, they can claim to be a “general-audience” product, rather than a “child-directed” one.
This despite offering coloring templates of dinosaurs and kittens. Other apps sharing information under the same “general audience” claim is Angry Birds 2, Also Candy Crush Saga – listed as a game for audiences 4 and up – also tracks and shares user information without regard for their age.
What Can Parents Do?
The challenge with apps is stronger than websites, where there are browser extensions – like Privacy Badger – to block trackers. But apps will require more effort. Neither The App Store or Google Play let you search specifically for apps that don’t have trackers.
Here are a few suggestions:
- Apps that state they are for general audiences, no matter what age range is posted, will track their users.
- If you add a VPN to the phone, the IP address will be disguised. But you will need to clear the cookies regularly.
- If you have an Android phone, use Exodus to analyze an app before you download it.
- You can use Google’s parental controls to manage app downloads.
- If you discover a tracker on a child’s app, report it to the FTC.
- Check the permissions on your child’s phone. Never give them access to buy tokens or games.
- If you have an Apple device using iOS 14.5 or later, App Tracking Transparency lets you respond to a request to be tracked by an app. Use your privacy settings to send do not track to all apps.
- Remember, Do Not Track is a request, not a protocol. There is no law (other than COPPA) that requires companies to honor that request.
Websites Too
Let’s start with this website. Note the audience is for ages 2 – 8 and it specifically claims to be COPPA certified.
We’re not going to add a link because this site has 9 trackers, according to Privacy Badger, 6 of which are labeled Red. So how does this site get certified Kid Safe by COPPA? The KID SAFE notation is a trademarked graphic that isn’t linked to anything.
Watch Search Results
The way we found the website above was by searching for websites for children. This is one site that came up in our SERPs. The site has 3 RED trackers, so those trackers are going to follow you or your kids to whatever you click on.
Never sign into websites using social media sites like Facebook. If a tracker has your Facebook profile, think of all the data they can find there. How many kids you have, where they go to school, and possibly pictures of your home and family.
Once Kids are 13
The internet considers children over 13 capable of making good choices for themselves. Google will allow them to opt-out of parental controls. Apple will allow them to maintain their account outside the Family Sharing plan.
We know our children are being tracked now. Wait until they become teenagers. There’s no law to protect them. At 13, they are on their own online.