FTC to Apple, Google: Apps for kids must disclose data privacy practices

Tools

Apple's (NASDAQ:AAPL) App Store, Google's (NASDAQ:GOOG) Android Market and their mobile application developer partners must provide parents with greater insight into the data collection practices of apps downloaded by their children according to a new staff report issued by the Federal Trade Commission.

Noting that apps can automatically capture user data including precise geolocation, phone number, contacts, call logs and unique identifiers and other information stored on the device, the FTC states that the App Store offers almost no information about data collection and sharing, while Android Market supplies little beyond general permission statements on app promotion pages.

"In most instances, staff was unable to determine from the information on the app store page or the developer's landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who obtained access to such data," FTC chairman Jon Leibowitz said in a statement.

The FTC report urges all members of the "kids app ecosystem"--stores, developers and third parties providing services--to assume an active role in providing information to parents. The commission says developers should provide data practices information in simple and short disclosures, clarifying whether the app connects with social media and whether it contains advertisements. Third parties that collect data also should disclose their privacy practices, and app stores should shoulder greater responsibility to guarantee parents have more information: "As gatekeepers of the app marketplace, the app stores should do more," Liebowitz said.

The FTC enforces the Children's Online Privacy Protection Rule, which requires operators of digital services (including mobile apps) to provide notice and secure parental consent prior to collecting information from children under 13. The FTC adds that over the next six months, staffers will conduct an additional review to determine whether some mobile apps are in violation of COPPA rules.

The Future of Privacy Forum applauded the FTC report. "App developers simply have to get privacy right, despite the challenges that start-ups can face with resources and speed to market," FPF director and co-chair Jules Polonetsky said in a statement. "But accessing user data is a privilege, not a right, and if companies don't make user trust their first priority they may find that users or platforms will make useful data unavailable. The FTC's report showing how hard it can be for parents to get basic information about apps their children use should be a wake-up call for developers and platforms alike. Although this ecosystem is still new and developing, privacy issues need to be part and parcel of every plan to launch a new service."

The Application Developers Alliance, an industry group launched earlier this year, also backed the FTC's findings. "The Application Developers Alliance agrees that parents should have clear, simple, easy-to-use tools to protect their children's privacy," ADA president Jon Potter said in a statement. "As part of the Apps Alliance and our members' leadership on this issue, we will join the Future of Privacy Forum to host a summit of developers and industry leaders on April 25 focused on app privacy for children. The Apps Alliance was founded to provide support for app developers and, when appropriate to bring app developers and policymakers together. Privacy, particularly kids privacy, is paramount to our members."

Earlier this week, Apple announced it will upgrade its iOS platform so that developers can only access users' contact data after receiving explicit permission to do so. "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr told All Things Digital. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

For more:
- read this release

Related articles:
Amid privacy uproar, Apple promises to detail app permissions
Path admits mistake, allows users to opt out of contacts database
Path slammed for uploading users' mobile address books
Lawmaker Markey unveils Mobile Device Privacy Act
How mobile security is fueling subscriber insecurity