Kid apps: Are mobile providers protecting your child's privacy?
It can be hard for parents to decipher whether or not mobile apps are collecting and selling sensitive information about their kids, such as location and purchasing habits. But some are working to make the muddy world of app privacy policies a little more clear and help parents worry about kid apps less.
In this October 2011 file photo, Frankie Thevenot plays with an iPad in his bedroom at his home in Metairie, La. Privacy policies for kid apps can be confusing, and provider don;t have to say whether their products track kids' locations or buying habits.
Gerald Herbert/AP/File
Privacy is an iffy thing in the mobile world – for children as well as adults.
Say, before leaving for summer vacation, you download applications to a smart phone or iPad to keep the kids occupied on the five-hour drive to the beach. Do you know what information that app gathers or whether it allows your child to make purchases? Do you know if it allows a company to track your child's geographic location?
For most parents, the answer is no. The disclosures are hard to decipher. Safeguards are few. The issue is beginning to get some attention at the state and federal levels and among private groups. Still, it's hard to make an informed choice.
"At the heart of the issue is a complete lack of transparency about the extent that apps, for a variety of reasons often not made clear, gather sensitive material," says John Simpson, director of Consumer Watchdog's Privacy Project in Los Angeles. "There's a complete lack of explanation about everything that's going on in the apps world. It's a Wild, Wild West."
The Federal Trade Commission is pushing the industry to reform. In a report issued in February, the FTC examined more than 400 randomly selected children's apps at Apple's iTunes App Store and Android's Market. Prior to downloading an app, researchers found that disclosures about data-gathering practices, targeted advertising, social media links, and third-party data sharing were virtually nonexistent.
"There just weren't any disclosures about any of these issues," says Manas Mohapatra, a senior attorney in the mobile technology unit of the FTC's Bureau of Consumer Protection. The FTC enforces the Children's Online Privacy Protection Act (COPPA). "Parents would not be able to know what an app's practices were prior to download."
Consider, for example, an app's ability to pinpoint a user's location. In urban areas, a device's geographic position can be measured to within 50 to 200 feet, Ashkan Soltani, an independent privacy researcher and consultant, testified in a Senate hearing last year. While the mobile industry contends data is gathered anonymously, Mr. Soltani explained how geolocation data can be cross-referenced with a device's serial number or even name and credit-card information from the app store to paint a pretty clear picture of the end user.
Mobile devices are almost always on, so it's easy to track users and their habits. Even if data isn't given to a third party, collection is vulnerable to a security breach.
Mobile app companies point out that the technology is changing so fast it's hard to keep up. "We are constantly working on new industry best practices," says Morgan Reed, executive director of the Washington-based Association for Competitive Technology, which represents more than 5,000 software devel-opers. No one is trying to deceive the end user, he adds. "We all want to be in a position where our users are happy with us, like us, and want to buy more of our applications and services."
Some reform efforts are under way. In February, California's attorney general secured an agreement with Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion to improve privacy protections. The challenge is to make the disclosures comprehensible enough to be effective.
"Privacy policies are tedious to read and often seem written by lawyers who are paid to obfuscate," says Mr. Simpson. "Reading a privacy policy on a mobile device, that's very difficult to do."
Since the release of the FTC report earlier this year, some children's app developers have started using privacy icons. The easy-to-read symbols help parents make informed choices and were developed by Moms With Apps (MWA), a global network of 1,200 registered children's app developers based in San Francisco. There are still challenges. It's hard to know where to put icons so the consumer can see them before downloading. And parents need to understand what the icons mean.
"Parents need to stay engaged with their children's online activities and keep up with technological advances," says MWA spokeswoman Lorraine Akemann in a statement. "We also need the app stores to provide frameworks for describing, rating, and classifying apps so parents have a standard format for deciphering product information."
For some, disclosure isn't enough.
"The better approach is to impose substantive limitations on the collection and use of personal data" in the first place, writes Marc Rotenberg in an e-mail. He's executive director of the Washington-based public interest research group Electronic Privacy Information Center. "Most app devel-opers simply collect far more information, such as complete address books, than they should," he says.
The FTC will be looking at this and other privacy issues in the future. Mr. Mohapatra says the commission plans a follow-up study in the next six months to look not only at progress on disclosures but whether there are COPPA violations as well.