Nearly 60 percent of the mobile apps the FTC reviewed from the Google Play and Apple App stores transmitted the device ID. They also often shared that ID with an advertising network, analytics company or another third party. Of those 235 mobile apps, 14 also transmitted the location of the device and the phone number, the FTC found.
More than half of the apps also contained interactive features such as in-app purchases and advertising that were not disclosed to parents.
Because a large number of the apps sent information to a small number of third parties, those third parties could potentially develop detailed profiles of kids based on their behavior in the different apps, the study found.
Yet only 20 percent of the apps disclosed any information about their privacy practices.
"While we think most companies have the best intentions when it comes protecting kids' privacy, we haven't seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids. In fact, our study shows that kids' apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents," FTC Chairman Jon Leibowitz said in a written statement. "All of the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job. We'll do another survey in the future, and we will expect to see improvement."
Federal regulators urged developers last February to disclose in their privacy policies what information they collect, how they use it and with whom they share it. They also called on the Apple and Google app stores to track the data collection and sharing policies of developers who market mobile apps to kids.
"Parents still are not given basic information about the privacy practices and interactive features of mobile apps aimed at kids," the study released Monday concluded.
The FTC's authority over children's mobile apps comes from laws that prohibit unfair and deceptive acts of commerce, as well as the Children's Online Privacy Protection Act, or COPPA, which requires operators of online services for children under 13 to get consent from parents before collecting and sharing personal information.
The FTC in September proposed updating COPPA, part of its broader push to strengthen online privacy protections, but has met with resistance from the technology industry.
The FTC said Monday it is launching investigations to determine if certain mobile apps developers have violated COPPA or have engaged in unfair or deceptive trade practices.
It also turned up the pressure on mobile apps developers to give parents "easy to understand" choices about data collection and sharing on kid apps.
"Illicit data collection from their mobile phones and tablets places kids at risk," said Jeffrey Chester, executive director of the Center for Digital Democracy. "No one should get access to kids' data, especially geo-location information, without prior consent from a parent."
- The Buzz: Two by two 12/11/12