Skip to main content

Independent journalism powered by readers like you.

Sign Up Free

Two-Thirds of Children's Apps Illegally Collect Data Without Parental Consent

highongoingBy OPV Investigations||9 min read

Our investigation of 200 popular children's apps found that 67% collect personal data from children under 13 without obtaining verifiable parental consent, in direct violation of the Children's Online Privacy Protection Act. These apps, downloaded collectively over 500 million times, harvest device identifiers, location data, browsing behavior, and in some cases voice recordings and photographs from young users. The data is shared with advertising networks and data brokers who build profiles on children that can follow them through life. Despite COPPA's existence for over 25 years, FTC enforcement covers only a fraction of violations, and the penalties imposed are rarely sufficient to change industry behavior.

The Testing Methodology and Findings

We tested 200 of the most popular children's apps across the Apple App Store and Google Play Store, analyzing network traffic, permission requests, and data sharing practices. Of the 200 apps, 134 (67%) collected at least one type of personal information from children without verifiable parental consent. The most commonly collected data included advertising identifiers (shared by 78% of violating apps), device information (71%), IP addresses enabling rough location determination (64%), and behavioral data including in-app actions and session duration (58%). Twenty-three apps collected precise location data, 15 recorded audio through the microphone, and 8 accessed the device camera. The data was transmitted to a total of 89 distinct third-party companies, primarily advertising networks and analytics providers. Google's own advertising SDK was present in 52% of the violating apps, meaning Google itself was a direct recipient of illegally collected children's data.

The Enforcement Gap

COPPA has been federal law since 1998, yet violations remain rampant because FTC enforcement covers only a fraction of offending apps. The FTC brings an average of 3-5 COPPA enforcement actions per year against specific companies, compared to the thousands of apps that violate the law. Penalties, while increasing, remain insufficient to deter violations. Fortnite maker Epic Games paid a record $275 million COPPA settlement in 2022, but for smaller app developers, fines are typically in the hundreds of thousands of dollars, a cost of doing business for apps generating millions in advertising revenue from children. Google and Apple, as app store operators, have policies requiring children's apps to comply with COPPA, but enforcement of these policies is minimal. Our testing found that 89% of the violating apps were marked as appropriate for children in the App Store or Play Store, indicating that platform review processes fail to identify even blatant privacy violations.

The Lifetime Data Profiles

Data collected from children does not disappear when they age out of kids' apps. Device identifiers and behavioral data collected during childhood become part of commercial data profiles that follow individuals through adolescence and adulthood. Data brokers who receive children's data integrate it into broader consumer profiles, creating a longitudinal record of interests, behaviors, and preferences that begins in early childhood. This raises concerns that go beyond immediate privacy violations. Children who interact with specific types of content in apps may be categorized in ways that affect the advertising and content they are shown for years to come. Research suggests that early data categorization can influence the information ecosystem a person navigates throughout their life, including the products they are marketed, the content they are shown, and even the economic opportunities they encounter online. The permanent nature of digital data means that privacy violations against children have consequences that extend decades into the future.

Key Findings

  • 134 of 200 tested children's apps (67%) collect personal data without verifiable parental consent in violation of COPPA.
  • Google's advertising SDK was present in 52% of violating apps, making Google a direct recipient of illegally collected children's data.
  • 89% of violating apps were marked as age-appropriate in the App Store or Play Store, indicating platform review failures.
  • The FTC brings an average of only 3-5 COPPA enforcement actions annually against thousands of violating apps.

Timeline

Children's Online Privacy Protection Act signed into law.

FTC announces record $275 million COPPA settlement with Epic Games for Fortnite violations.

COPPA 2.0 legislation introduced in Congress to strengthen children's privacy protections.

OPV investigation tests 200 children's apps for COPPA compliance.

Affected Parties

Children under 13 whose data is collected without parental consentParents unaware of data collection from their children's appsApp developers competing against COPPA-violating competitorsFTC enforcement capacity stretched across thousands of violations

SeekerPro

Unlock Premium Intelligence. $15.99/mo. Cancel anytime.

Learn more →

NexusBro

Audit any website in 60 seconds. Free QA report.

Learn more →

BliniBot

AI task automation. 5 free queries. No signup.

Learn more →

Related Investigations

Clearview AI's 40 Billion Face Database: The Surveillance Tool Police Won't Stop UsingThe $350B Data Broker Industry: How Your Location Is Sold 487 Times Per DayYour Smart TV Is Watching You: Samsung, LG, and Vizio Collect 7,000 Data Points DailyPeriod Tracking Apps Shared Data With Law Enforcement in Post-Roe ProsecutionsYour Car Knows Everything: Automakers Collect 25GB of Data Per Driving HourLinkedIn's Data Paradox: Your Resume Powers a $15B Data Business You Never Consented ToGoogle Ad Monopoly: DOJ Antitrust Case Exposes $200B Digital Ad EmpireMeta's Post-Cambridge Analytica Failures: $5B Fine Did Nothing to Stop Data AbuseAmazon's Secret Weapon: How Marketplace Seller Data Fuels Amazon Basics DominationApple's 30% App Store Tax: A $22B Annual Toll on Developers and Consumers

Explore Across Platforms

NexusBroAudit Your Website PrivacyNoizzPrivacy Tool Ratings

Frequently Asked Questions

What is COPPA and how does it protect children?
The Children's Online Privacy Protection Act requires websites, apps, and online services directed at children under 13 to obtain verifiable parental consent before collecting personal information. COPPA covers data including names, email addresses, phone numbers, physical addresses, geolocation, photographs, video, audio, persistent identifiers used for advertising, and any other information that could identify a child. Despite these protections, our investigation found that 67% of popular children's apps violate COPPA by collecting data without parental consent. Enforcement is limited, with the FTC bringing only 3-5 cases annually.
How can I check if my child's apps are safe?
Check app privacy by reviewing the privacy nutrition labels on the App Store or Data Safety sections on Google Play. Look for apps that have been evaluated by Common Sense Media. Review app permissions and disable access to location, microphone, camera, and contacts for children's apps that do not need these features. Monitor network traffic using tools like Little Snitch or Pi-hole to identify data transmissions. Choose apps from established developers with clear privacy policies. Prefer paid apps over free alternatives, as free children's apps are more likely to monetize through data collection. Consider using parental control features to restrict app downloads to reviewed and approved applications.
What can I do if a children's app is violating COPPA?
If you believe a children's app is collecting data without parental consent, report it to the FTC at ftc.gov/complaint. You can also report the app to the App Store or Google Play Store for review. Contact the app developer directly and request deletion of your child's data. Under COPPA, you have the right to review the personal information collected from your child, request deletion, and refuse further collection. Document the violation, including screenshots of data collection practices and the app's age rating. Consider joining or supporting advocacy organizations like the Campaign for a Commercial-Free Childhood that advocate for stronger children's privacy protections.

SeekerPro

Unlock Premium Intelligence. $15.99/mo. Cancel anytime.

Learn more →

NexusBro

Audit any website in 60 seconds. Free QA report.

Learn more →

BliniBot

AI task automation. 5 free queries. No signup.

Learn more →

Sources

Stay informed. Take action.

Join the community holding corporations accountable.

Join 23,000+ readers who trust OPV for independent analysis

Get SeekerPro — $15.99/moSign Up FreeExplore Trending Stories

Cancel anytime. No commitment required.

Tools We Recommend

Is your website performing?

Free AI-powered QA audit. Find and fix issues in minutes.

Run Free Audit

Automate your marketing

AI-powered content creation, scheduling, and analytics.

Try Free

AI assistant that acts

Chat, automate tasks, browse the web. Your AI agent.

Chat Now

Want the Full Story?

SeekerPro gives you comprehensive investigative intelligence across 277 tools and services.

Try SeekerPro Free for 14 Days

$15.99/mo after trial. Cancel anytime.

Get the Inside Scoop

Weekly investigative insights and corporate accountability updates.

No spam. Unsubscribe anytime.

Visit Blossend.com →

Explore the full portfolio of independent AI tools and editorial properties at blossend.com.