As many as one in four apps aimed at children on the Google Play app store do not comply with the Information Commissioner’s Office age-appropriate design code, according to new research.
Consumer group Comparitech said its study of more than 400 children’s apps available on the store found that nearly 25% violated the ICO’s guidelines in some way – the vast majority by collecting personal data of some kind.
The age-appropriate design code or Children’s Code sets out standards to which online services must adhere in order to comply with UK data protection law when it comes to children and protecting their personal information online.
The group said it had carried out its study by selecting 50 apps from each of the individual app categories within the Google Play Store tab for children.
According to the research, the majority of the apps found to be violating the code were collecting a user’s IP address, but in some instances other data such as a user’s name, address, online contact information, telephone number, or geolocation was found to be collected.
The consumer said that all of the apps it found to violate code were graded as “expert approved” by Google.
Comparitech head of data research, Rebecca Moody, said: “Almost 25% of the apps we reviewed were found to be in violation of the ICO’s guidelines in some way.
“Perhaps even more concerning was that 5.5% of the apps we reviewed claimed not to be targeted toward children, despite being featured within the child-specific section on Google Play and sometimes featuring the word ‘kids’ in the app name.”
A spokesperson for the ICO said: “The children’s code makes clear that children are not like adults online, and their data needs greater protections.
All online services likely to be accessed by children must conform with the children’s code in order to be compliant with data protection legislation
“We want children to be online, learning, playing and experiencing the world, but with the right protections in place to do so that reflects their best interests.
“All online services likely to be accessed by children must conform with the children’s code in order to be compliant with data protection legislation.
“It applies to all companies who will process data on UK children. We will investigate when evidence suggests that online services are not complying with their responsibilities to protect children outlined by the code or wider data protection law.”
In response to the research, Google said it was looking into the findings of the report and its methodology.
A Google spokesperson said: “Google Play takes the protection of children on its platform seriously.
“Play has policies and processes in place to help protect children on our platform and has invested significant resources into related features.
“Apps that target children must comply with our Google Play families policy, which requires developers to adhere to all relevant laws and all of Play’s developer programme policies, plus imposes additional privacy, monetisation and content restrictions like prohibiting access to precise location data.
“Developers are responsible for ensuring their apps are compliant with all relevant laws and appropriate for their target audiences, including children.”