This post was written by Frederick Lah.

It continues to be a busy time in the world of mobile app privacy. Last week, we reported on the California attorney general bringing a mobile privacy enforcement action against Delta Air Lines. And just yesterday, the FTC issued its second staff report on the privacy practices of mobile apps for children, “Mobile Apps for Kids: Disclosures Still Not Making the Grade.”

This report reiterates some of the findings from the FTC’s first report on the privacy practices of mobile apps for children, “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing.” The FTC continues to voice its dissatisfaction with the current privacy disclosures that companies are providing to parents, such as what type of data the app collects, who will have access to that data, how the data will be used, and who that data will be shared with. The FTC continues to believe that such disclosures should be provided prior to download since once an app is downloaded, the app may already be collecting the child’s information.

The basis of the second report was again a survey of approximately 400 apps, 200 each from the Apple and Google Play app stores. According to the survey, only 20 percent of the apps reviewed contained any privacy-related disclosures at all, whether on the app’s promotion page, on the developer website, or within the app. In addition, the FTC’s survey found that:

  • 59 percent of the apps reviewed transmitted device ID, geolocation, or phone number to the developer, an advertising network, analytics company or other third party, yet only 11 percent of the apps disclosed that the app transmitted such data.
  • 58 percent of the apps reviewed contained advertising within the app, yet only 9 percent disclosed that the app contained advertising.
  • 22 percent of the apps reviewed contained links to social media, yet only 9 percent disclosed that fact.

The FTC intends to conduct another survey in the future, and they “expect to see improvement.” They noted that such discrepancies between a company’s privacy practices and disclosures could constitute violations of COPPA or the FTC Act. With the FTC’s continued focus in this area and the proposed COPPA rules expected to be implemented shortly, we anticipate that the intersection between mobile apps and children’s privacy will continue to draw heightened regulatory scrutiny. In the meantime, we recommend that companies operating in the mobile space (especially those providing apps for children) review and update their mobile app privacy disclosures now before they become the next enforcement target.