Children online
Should children’s apps come with “warning labels”? Here’s how to make sure your kids’ digital playgrounds are safe places to play and learn.
April 11, 2024
•
,
6 minutes Read
Our children are spending more time than ever on their phones. Around 80% of European children aged between 9 and 16 access the Internet on their phones every day. In the UK, 91% of children own a mobile phone by the age of 11. And in the United States, the same share has a smartphone by age 14. While these devices and the apps installed on them can be a great tool for entertainment, socializing, and learning, they also pose risks.
As parents, we often purchase these devices primarily as a means for our children to stay connected to us, to be safe when they are away from home, and, perhaps to a lesser extent, to connect with their friends. But how many of us take into account the potential online security implications? Much of the problem lies in the lack of transparency around data usage and app developers who, unlike you, don’t always have your children’s best interests in mind.
Read on to learn the top security risks associated with apps aimed at children and how to mitigate them.
Should apps come with security warnings?
Smartphone apps are our children’s gateway to the digital world. But they could also expose them to exploitative advertising, inappropriate content, and security and privacy risks. The challenge for parents is compounded by complex privacy settings, opaque privacy policies, regulatory loopholes, weak enforcement and our own lack of awareness.
There is no doubt that there is a risk here. A study by Incogni analyzed 74 “child-oriented Android apps” used around the world. It was found that:
- Nearly half (34/74) collect at least some user data, with a third of these collecting at least seven data points including location, email addresses, purchase history and app interactions
- The developers stated that the reason for this data collection was primarily for analytics, app functionality, fraud prevention, and advertising or marketing
- Only 62% of data collection apps allow users to request deletion of their data
A separate study of iOS apps labeled for children under 12 found that all user data was shared with varying degrees of sensitivity outside the app. And 44% have sent at least one piece of personal data to third parties. About 65% share data with third parties who provide advertising or analytics for commercial purposes.
What the law says
Lawmakers have enacted specific legislation to protect children from excessive data collection and use.
In the United States, COPPA was passed in 1998 to require developers to obtain parental consent before collecting personal information from children under 13. They must also provide a clear privacy policy that details how the information they collect is used and give parents the ability to review, edit or delete this data.
In the EU, GDPR-K requires that developers collect only the minimum data necessary to provide an app’s services and, in most cases, obtain parental consent for processing personal data. It also requires age-appropriate privacy settings that are easy for children to understand and that developers regularly assess and mitigate data protection risks.
Enforcement action over the years has been limited. TikTok was a notable exception: It was hit with a €345 million ($368 million) GDPR fine and a $5.7 million FTC settlement. But just because kids app developers aren’t getting fined doesn’t mean there’s nothing wrong. Rather, it may indicate a lack of regulatory capacity to enforce the rules. So what should you worry about?
Top app risks to be aware of
- Excessive data collection: Personal information like age, email address, location, and app activity can be a goldmine for advertisers. If it is shared by developers via third-party trackers, it raises concerns about exploitative advertising and poses a data security risk; i.e., the possibility that a third party may be infringed.
- Unscrupulous advertising: Ads targeted particularly at young children may exploit their inability to discern who the advertisement is aimed at. The ads may also include inappropriate content.
- In-app purchases: Some apps, especially in the gaming world, allow users to make purchases during a session. Children may be more susceptible to developers pushing them to spend money, which could ultimately cost you dearly as a parent.
- Limited parental supervision: Some children’s apps do not have adequate parental controls, making it difficult to minimize risk exposure to your children when using the app.
- Limited privacy information: Despite regulatory requirements in many jurisdictions, children’s apps can feature opaque privacy and security policies that make it unclear how your child’s data will be used and protected. As the UK privacy regulator states: “Poor privacy information design hides risks, uncovers good user experiences and sows mistrust between children, parents and online services.”
- Oversharing: Some apps may offer children obvious and limited means to limit the amount of information they share with other users, putting them at risk of cyberbullying, data thieves and scammers.
- Inappropriate content: Apps may allow your children to access content that is inappropriate for their age group, including content shared by other users. Social media sites are particularly risky given the potentially large pool of users sharing images and videos. It may take some time for the moderators to catch up and remove anything deemed inappropriate.
- Security Risks: Mobile apps also pose significant security risks. Those not designed with security in mind could include vulnerabilities, misconfigurations, and other risks, such as lack of data encryption. These holes can be exploited by threat actors to steal your child’s data, including app logins, sign them up for premium services, or hijack their social media and gaming accounts. Alternatively, they could use access to your child’s device to commit cyber extortion.
How to mitigate app security risks
As a parent, you have a critical role to play in protecting your child’s privacy and safety when using smartphone apps. That’s how:
- Talk to your children: Educate your children about the importance of protecting their personal information and the potential consequences of security and privacy risks. An open policy will help reassure them that you should be the first port of call before they make any decisions about sharing information online. It’s nice to talk.
- Do your research: Always check any apps your child wants to download before allowing them to do so. Check their privacy policies and reputation for privacy and security.
- Stay in control: Be respectful of your child’s privacy, but let them know that you will check in occasionally to monitor app usage and permissions. Consider using parental control software to limit what they can download and the features they can access (for example, disabling messaging or social features). This software will also allow safe browsing and provide reports on Internet usage.
- Focus on safety: Download anti-malware software from a reputable vendor onto your child’s device. And make sure it is always updated with the latest version of the app and operating system and password protected. Turn on multi-factor authentication (MFA) for all apps that support it. And make sure your child only downloads apps from the official Google/Apple app stores.
- Block ads: Turn off ad tracking on your child’s smartphone by going to their settings on Android or iOS.
- Choose child-friendly apps: For Android devices, look for “Teacher Approved” apps on Google Play under the Kids tab. Apps are rated based on “age appropriateness, quality of experience, enrichment and enjoyment.”
We all want our kids to get the most out of their smartphones. But first and foremost we want them to be safe. Navigating this digital minefield was never going to be easy. But the more you know about the risks, the more informed your decisions will be.
To learn more about the risks children face online and how technology can help, go to Safer Kids Online.