Pixalate, the leading global platform for ad fraud protection, privacy, and compliance analytics, released its Q2 2025 report. The report exclusively examines mobile apps on the Apple App Store and Google Play Store that are registered in the US and likely aimed at children under 13 (i.e., child-directed) but do not collect verifiable parental consent (VPC), potentially violating the Children’s Online Privacy Protection Act (COPPA).

This report highlights potential privacy violation risks for app developers under COPPA, specifically concerning the collection, sale, or sharing of children’s personal information through likely child-directed apps without obtaining lawful VPC, as assessed by Pixalate. The Federal Trade Commission (FTC)’s  COPPA Rule governs the online collection, use, and disclosure of personal information from children under 13 in the United States (US). It also outlines multiple acceptable methods for obtaining a VPC.

Key findings raise concerns about children’s data privacy

The legal analysis, conducted by Pixalate’s legal and data science teams, examined 1,149 US-registered, likely child-directed Google Play and Apple App Store-hosted apps with advertising capabilities:

• 99% non-compliance rate: 1,136 out of 1,149 manually reviewed Google Play and Apple App Store-hosted apps failed to obtain VPC under the COPPA Rule, as assessed by Pixalate

Advertising supply chain implications
The report identifies major advertising platforms facilitating monetisation within these likely non-compliant apps:

• Google Ad Exchange: Listed in app-ads.txt files of 1,019 (90%) likely non-compliant apps
• Meta/Facebook: Present in 658 (58%) likely non-compliant apps
• AppLovin: Associated with 619 (54%) likely non-compliant apps

"App developers collecting and sharing children’s personal information without obtaining VPC signifies the apparent failure to comply with COPPA’s express compliance obligations," said Shanzay Javaid, data protection & privacy counsel at Pixalate. "Despite recent amendments to the COPPA Rule, this systematic non-compliance exposes the entire advertising supply chain, including supply-side platforms and downstream advertising partners, to regulatory risks."

To compile this research, Pixalate’s legal and data science teams employed automated processing combined with manual reviews by its Trust & Safety Advisory Board to assess nearly 134,000 apps with ads* (i.e., those with open programmatic traffic and ad impressions in the United States) available for download from the Google Play Store and Apple App Store in Q2 2025.

Download the report

Download Pixalate’s Q2 2025 Verifiable Parental Consent Failures in Mobile Apps report. 

Pixalate

Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV), Mobile Apps, and Websites. ...

More about Pixalate »

Powered by PressBox