Pixalate, the global market-leading ad fraud protection, privacy, and compliance analytics platform, has released the Q1 2025 State of Children’s Privacy on Mobile Apps Report, part of its COPPA Violation Risks in Mobile Apps series. 

The report highlights app developers on the Google Play Store and Apple App Store that are at risk of violating the Children’s Online Privacy Protection Act (COPPA) for gathering children’s personal information through likely child-directed apps without a compliant privacy policy,* as assessed by Pixalate. According to Pixalate’s analysis, 100% of these likely child-directed and advertising enabled** apps shared US consumers’ personal information with advertisers via the advertising bid stream. 

Children’s Online Privacy Protection Act (COPPA) background

COPPA requires operators of apps (in this case, app developers) that collect, use, or disclose personal information from children to post an online privacy policy. To be COPPA compliant, the privacy policy must disclose (16 C.F.R. § 312.4 (d) (1-3): 

• The name, address, telephone number, and email address of all operators collecting or maintaining personal information through the app;
• A description of what information the operator collects from children, including whether the operator enables children to make their personal information publicly available, how the operator uses such information, and the operator’s disclosure practices for such information; 
• The procedures by which a parent can review or have deleted the child’s personal information and refuse to permit its further collection or use. 

For Pixalate's compliance technology to classify a likely child-directed app as potentially non-compliant with the COPPA Rule, one or more of the following deficiencies must be identified:

• No privacy policy URL was detected in the app stores.
• A URL claiming to link to a privacy policy was detected in the app stores, but neither the page it led to nor any linked pages (in headers / footers) were identified as privacy policies by Pixalate’s compliance technology. 
• A privacy policy URL was detected, but it likely did not meet the disclosure obligations of the COPPA Rule, according to Pixalate’s analysis. 

Key state of children’s privacy on mobile apps: report findings

• Compliance issues: 17% (286) of the identified advertising enabled and likely child-directed mobile apps were likely non-compliant with COPPA
  •  17 mobile apps did not have a detectable privacy policy
• Missing disclosures: 79% (225) of the identified mobile apps with ads lacked a Children's Privacy disclosure – a requirement under the COPPA Rule
• Sensitive data concerns: 53% (153) of the mobile apps with ads that were likely non-compliant under COPPA requested sensitive data permissions, such as location, camera access, audio, etc.
• Data sharing risks: 72% (207) of the identified likely non-compliant ad-enabled mobile apps in the Google Play and Apple App Stores shared US consumers' location data with advertisers in the ad bid stream

For this report, Pixalate’s legal and data science teams analysed the privacy policies of over 24K likely child-directed apps enabled for programmatic advertising (e.g., has ad impressions targeted towards US Consumers). These apps were available for download from the Google Play Store and Apple App Store in Q1 2025.

For the complete list and the methodology, download the report here.

_{^{*References to ‘without a privacy policy/policies’ or ‘no detected/detectable privacy policy/policies’ imply
that Pixalate’s proprietary systems were unable to detect or identify a purported privacy policy/notice URL at the time of crawling the App Stores pursuant to Pixalate’s proprietary privacy policy detection and
classification system. Based on Pixalate’s methodology and analysis, all of the identified apps generally
exhibit characteristics aligned with the child-directed factors under the COPPA Rule, suggesting that these apps likely appeal to, or may predominantly be used by, children.
**References to advertising-enabled mobile apps, or apps with ads are those that have open
programmatic advertising traffic, with ad impressions targeted towards United States based consumers at the time of crawling.}}

Pixalate

Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV), Mobile Apps, and Websites. ...

More about Pixalate »

Powered by PressBox