App makers under investigation over kids' privacy
WASHINGTON (AP) - Software companies that make cellphone apps are being investigated to determine whether they have violated the privacy rights of children by quietly collecting personal information from phones and sharing it with advertisers and data brokers, the Federal Trade Commission said Monday. Such apps can capture a child's physical location, phone numbers of their friends and more.
The FTC described the marketplace for mobile applications - dominated by online stores operated by Apple and Google - as a digital danger zone with inadequate oversight. In a report prepared by the FTC's own experts, it said the industry has grown rapidly but failed to ensure the privacy of young consumers is adequately protected.
Of the 400 apps designed for kids examined by the FTC, most failed to inform parents about the types of data the app could gather and who could access it, the report said. Others apps contained advertising that most parents would find objectionable and included links to Facebook, Twitter and other social media services where kids post information about themselves.
The report said some mobile apps can siphon data to "invisible and unknown" third parties that could be used to develop a detailed profile of a child without a parent's knowledge or consent.
The FTC also said it was investigating whether any of the software companies that produce apps engaged in unfair or deceptive trade practices, which would be illegal.
In one case, an app that allows children to paint pictures and save them in an online photo gallery didn't indicate that it includes advertising. But investigators said the app ran an ad across the bottom of the screen for an online dating service that said, "See 1000+ Singles."
The FTC did not indicate which companies it was investigating or exactly how many of them.
The agency is considering major changes to a 1998 law, Children's Online Privacy Protection Act, that would impose tougher online safeguards for children under 13. Technology companies have warned that the proposed changes were too aggressive and could discourage them from producing kid-friendly content on the Internet. Public interest groups have pushed hard for the changes, saying expanded use of mobile devices and methods for collecting personal data have outpaced rules put in place more than a decade ago.
The commissioners are expected to vote on the revisions to the law within weeks. Among the proposed changes is a requirement to prohibit the use of behavioral marketing techniques to track and target children unless a parent approves.
The new FTC report builds on an earlier survey of the mobile apps industry by the commission's staff that urged apps stores and developers - along with the advertisers and brokers they work with - to be more open about how their programs work. The commission credited Apple and Google for new policies that encourage developers to publish their privacy policies clearly and in places that are easily accessible. But the FTC said there was too little progress, forcing it to take more aggressive steps.
As of September, Apple and Google combined offered more than 1.4 million apps for downloading, up from 880,000 in March, the FTC said.
The staff randomly selected 200 apps each from the Google and Apple stores using the keyword "kids." After testing the apps, they determined that 60 percent of them transmitted the user's device identification to the software company or, more frequently, to advertising networks and data brokers that compile, analyze and sell consumer information for marketing campaigns.
The device ID is a string of letters or numbers that uniquely identifies each mobile device and can represent a pathway to more personal information, like a person's name, phone number and email address. More than a dozen of the apps that transmitted device IDs also sent the user's exact geographic location and phone number, the FTC said.
Only about 20 percent of the apps disclosed any information about the program's privacy practices, and the FTC said many disclosures were inadequate.
"Many consisted of a link to a long, dense and technical privacy policy that was filled with irrelevant information and would be difficult for most parents to read and understand," the report said.
More than 20 percent of the apps examined included links to social media services but few informed consumers about them before the program was downloaded. The FTC said the result was that children could post comments, photos or videos that could harm their reputations or offend other people.
The FTC described the marketplace for mobile applications - dominated by online stores operated by Apple and Google - as a digital danger zone with inadequate oversight. In a report prepared by the FTC's own experts, it said the industry has grown rapidly but failed to ensure the privacy of young consumers is adequately protected.
Of the 400 apps designed for kids examined by the FTC, most failed to inform parents about the types of data the app could gather and who could access it, the report said. Others apps contained advertising that most parents would find objectionable and included links to Facebook, Twitter and other social media services where kids post information about themselves.
The report said some mobile apps can siphon data to "invisible and unknown" third parties that could be used to develop a detailed profile of a child without a parent's knowledge or consent.
The FTC also said it was investigating whether any of the software companies that produce apps engaged in unfair or deceptive trade practices, which would be illegal.
In one case, an app that allows children to paint pictures and save them in an online photo gallery didn't indicate that it includes advertising. But investigators said the app ran an ad across the bottom of the screen for an online dating service that said, "See 1000+ Singles."
The FTC did not indicate which companies it was investigating or exactly how many of them.
The agency is considering major changes to a 1998 law, Children's Online Privacy Protection Act, that would impose tougher online safeguards for children under 13. Technology companies have warned that the proposed changes were too aggressive and could discourage them from producing kid-friendly content on the Internet. Public interest groups have pushed hard for the changes, saying expanded use of mobile devices and methods for collecting personal data have outpaced rules put in place more than a decade ago.
The commissioners are expected to vote on the revisions to the law within weeks. Among the proposed changes is a requirement to prohibit the use of behavioral marketing techniques to track and target children unless a parent approves.
The new FTC report builds on an earlier survey of the mobile apps industry by the commission's staff that urged apps stores and developers - along with the advertisers and brokers they work with - to be more open about how their programs work. The commission credited Apple and Google for new policies that encourage developers to publish their privacy policies clearly and in places that are easily accessible. But the FTC said there was too little progress, forcing it to take more aggressive steps.
As of September, Apple and Google combined offered more than 1.4 million apps for downloading, up from 880,000 in March, the FTC said.
The staff randomly selected 200 apps each from the Google and Apple stores using the keyword "kids." After testing the apps, they determined that 60 percent of them transmitted the user's device identification to the software company or, more frequently, to advertising networks and data brokers that compile, analyze and sell consumer information for marketing campaigns.
The device ID is a string of letters or numbers that uniquely identifies each mobile device and can represent a pathway to more personal information, like a person's name, phone number and email address. More than a dozen of the apps that transmitted device IDs also sent the user's exact geographic location and phone number, the FTC said.
Only about 20 percent of the apps disclosed any information about the program's privacy practices, and the FTC said many disclosures were inadequate.
"Many consisted of a link to a long, dense and technical privacy policy that was filled with irrelevant information and would be difficult for most parents to read and understand," the report said.
More than 20 percent of the apps examined included links to social media services but few informed consumers about them before the program was downloaded. The FTC said the result was that children could post comments, photos or videos that could harm their reputations or offend other people.
They left out a key bit of info in the story. Â When they say 60% of the apps tested sent user device id to a third party for analysis they forgot to mention that one company was 90% and the other was 30% for an average of 60%. Â And since one company IS an advertising company and the other is a software/hardware company it is not hard to figure which is which. Â I wonder why they left this bit out. Â Google needs to be dismantled.
Nooooooooooooo! Tell me its not Soooooooooo!? Â Duh....
If anybody bothered to read the TOS of the different smartphone markets they would realize that kids under 13 are not allowd to use the market and 13-17 only with parental supervision. If data is being collected it is the fault of the parent for not properly supervising what their kid is using.
The government is in for a rude awakening. Â Those ads aren't from the app developers. Â They are part of the coding that many actual code vendors require if you aren't using their 'pay-for' model. Â A code vendor is usually an online resource that allows even non-techies to create their own apps, and it is often beyond the control of the app developer what gets collected. Â Got to go back much more into the supply chain. Â How about those collecting the data providing better notifications? Â That's where this starts.
WHAT? An item designed and made with data-mining capabilities built in, and marketed to people of all ages, and it's being used to mine data for marketing, especially the young and impressionable before they form life-long habits? Shocking, I tell you, absolutely shocking. Just assume your every move can be tracked if you have a cell phone, folks... then imagine the most malevolent corporate head or politician or criminal with access to that data, because they do, or soon will.
Â
Have a nice day.
This is very disturbing, and not just for children. Everyone should be worried. So, if you buy something, can your credit card details be sent somewhere else? If you make reservations somewhere, who may know that you are not at home, and what your address is? This is just too obtrusive for my liking.
@Gottadance You should be alright making purchases with your smart phone but never store your credit card numbers on your phone. With hackers, anything is possible. If one person made it, then there is another person out there that is hell bent to break it.
@robmo I get what you are saying, but if you send your credit card information and some other application the recipient is using gathers the information, wouldn't it be true that it is no longer in your control? I am thinking about those new devises for small businesses that allow a smart phone to accept credit cards, for instance. At any rate, doesn't it just irritate you that some big corporation feels it is their right to obtain your information and sell it along, just because you purchased their product?Â
@Gottadance The type of device for scanning credit cards would require you to install an app that is companion to the card scanner. When you scan the card, the data is transmitted to the card scanning vendor where it is securely stored. No credit card numbers are stored on the phone that you scanned with. The trick here is to be sure you are using a reputable vendor that designed the product.
Â
I agree though. I don't like the idea of my information being spread around but there really isn't anyway to stop it. Consider it the price (or risk) of convenient shopping, assuming that shopping with a phone really is convenient. We'd have to start a whole new thread on that one...
This is worse than Big Brother. What if a perv got this information?
 @DDG What if the government, or a corporation, or a criminal gang got it?
Big brother knows....