A coalition of 22 consumer and public health advocacy groups, led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD), have today filed a complaint with the Federal Trade Commission asking them to investigate and sanction Google for how its Google Play Store markets apps to children. The complaint states that Google features apps designed for very young children in its Play Store’s “Family” section, many of which are violating federal children’s privacy law, exposing kids to inappropriate content and disregarding Google’s own policies by luring kids into making in-app purchases and watching ads.
Google Play ‘Family’ section
Google first introduced its “Designed for Families” program back in 2015, which gives developers of kid-friendly apps meeting certain guidelines additional visibility in the Play Store. This includes a placement in the Family section, where apps are organized by age appropriateness.
To qualify, “Family” apps must abide by specific content policies, Google’s Developer Distribution Agreement and the Designed for Families DDA Addendum. The apps also must meet the Designed for Families program requirements. Legal compliance with federal privacy laws, including COPPA (Children’s Online Privacy Protection Rule), are among the requirements.
COPPA is designed to protect children under the age of 13 by giving parents control over what information sites and apps can collect from their kids.
Above: Google Play store showcases children’s content in its own dedicated sections
But the new FTC complaint claims that Google is not verifying COPPA compliance when it accepts these apps and, as a result, many are in continual violation of the law.
“Our research revealed a surprising number of privacy violations on Android apps for children, including sharing geolocation with third parties,” said Serge Egelman, a researcher at the University of California, Berkeley, in a statement shared by the group. “Given Google’s assertion that Designed for Families apps must be COPPA compliant, it’s disappointing these violations still abound, even after Google was alerted to the scale of the problem,” he added.
TechCrunch asked the coalition if it had some idea about how many apps were in violation of COPPA, and were told the groups don’t know an exact number.
“From our survey — and more comprehensive analyses like the PET Study — it seems fairly prevalent,” Lindsey Barrett, Staff Attorney at Georgetown’s Institute for Public Representation, told us.
“The PET Study found that 73 percent of the kids apps in the Play store transmitted sensitive data over the internet, and we saw apps sending geolocation without notice and verifiable parental consent, and sending personal information unencrypted,” Barrett said. “Further, under COPPA, children’s PII cannot be used for behavioral advertising. Yet, many of the children’s apps we looked at were sending information to ad networks which say their services should not be used with children’s apps,” she added.
The apps also engage in other bad behaviors, like regularly showing ads that are difficult to exit or showing those that require viewing in order to continue the current game, according to the complaint. Some apps pressure kids into making in-app purchases — in one example, the game characters were crying if the kids didn’t buy the locked items, it notes. Others show ads for alcohol and gambling, despite those being barred by Google’s Ad Policy.
Above: disturbing images from TabTale apps
The coalition additionally called out some apps for containing “graphic, sexualized images” like TutoTOONS “Sweet Baby Girl Daycare 4 – Babysitting Fun,” which has more than 10 million downloads. (The game has a part where kids change a baby’s diaper, wipe their diaper area, then rub powder all over the baby’s body.) Others model harmful behavior, like TabTale’s “Crazy Eye Clinic,” which teaches children to clean their eyes with a sharp instrument, and has more than one million downloads. (The game is currently not available on Google Play and its webpage is down.)
The complaint also broadly takes issue with apps that use common SDKs like those from Unity or Flurry (disclosure: Flurry and TechCrunch share a corporate parent) to collect device identifiers from the children’s apps.
“Nearly three-quarters of the apps in the Family section transmit device identifiers to third parties,” reads the complaint. “There is no way for us to know for sure what the device identifiers are used for. Since many of the apps send device identifiers to third parties that specialize in monetizing apps and/or engaging in interest-based (behavioral) advertising, it seems unlikely that this information is being used solely to support internal operations,” it says.
Above: Strawberry Shortcake Puppy Palace was called out for aggressive monetization efforts. Strawberry tells kids to buy things to keep the puppy happy — the implication is if you don’t pay, you’re making puppies sad.
The groups say that Google has been aware of all these problems for some time, but hasn’t taken adequate steps to enforce its criteria for developers. As a result, the consumer advocacy groups are urging the FTC to investigate the Play Store’s practices.
The coalition had previously asked the FTC to investigate developers of children’s apps aimed at preschoolers who were using manipulative advertising. But today’s complaint is focused on Google.
“Google (Alphabet, Inc.) has long engaged in unethical and harmful business practices, especially when it comes to children,” explained Jeff Chester, executive director of the Center for Digital Democracy. “And the Federal Trade Commission has for too long ignored this problem, placing both children and their parents at risk over their loss of privacy, and exposing them to a powerful and manipulative marketing apparatus. As one of the world’s leading providers of content for kids online, Google continues to put the enormous profits they make from kids ahead of any concern for their welfare,” Chester said.
Apple was not similarly called out because a similar analysis has not yet been done on its app marketplace, Josh Golin, executive director at CCFC told us. In Google’s case, he explained, two major studies found widespread issues with the Play Store apps for kids. One from Berkeley researchers found widespread COPPA non-compliance; the other, by University of Michigan researchers, found children’s play experience was often completely interrupted and undermined by aggressive marketing tactics.
The complaint comes at a time where there is increased scrutiny as to how tech companies are misusing and abusing consumer data and violating privacy. Kids game have already been the subject of some concern. And this morning, an NYT investigation into Facebook revealed it had shared more of users’ personal data than disclosed with major tech companies, following a year of data scandals.
The issue of data privacy is an industry-wide problem. Tech companies’ failures on this front will likely lead to increased regulation going forward.
Not all the named developers were immediately available to comment this morning. We’ll update if comments are provided. (Update: TutoToons says they removed the inappropriate content from the app after becoming aware of the complaint. They urged parents and child advocacy groups to reach out to them directly in the future.)
Google says it’s taking the complaint seriously. It has removed thousands of apps from its Designed for Families program this year, and rejects a third of applications.
“Parents want their children to be safe online and we work hard to protect them. Apps in our Designed for Families program have to comply with strict policies on content, privacy and advertising, and we take action on any policy violations that we find,” a Google spokesperson says. “We take these issues very seriously and continue to work hard to remove any content that is inappropriately aimed at children from our platform,” they added.
The full complaint is below.
[scribd id=396028943 key=key-PybhvsgaTT3eedXLjWrg mode=scroll]