If you make Android apps or games for children and aren’t already familiar with COPPA, you should get up to date on the requirements as quickly as possible.
COPPA, or the Children’s Online Privacy Protection Act, goes into effect on July 1, 2013. It is aimed to protect children under the age of 13 and give parents control over what information is collected from their children.
In case the rules are a bit confusing, the FTC added a FAQ page that provides some pretty clear guidance for businesses to ensure that they are compliant.
Does this rule apply to you? According to the FTC:
The Rule applies to operators of commercial Web sites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience Web sites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to Web sites or online services that have actual knowledge that they are collecting personal information directly from users of another Web site or online service directed to children.
So, basically you may be in the clear if you don’t collect any personal information in your app or take advantage of information collected by a separate service. You are probably also in the clear if your app isn’t geared towards children.
On the other hand, the rules are fairly reasonable expectations for users of any age. To be safe, I would suggest reviewing your compliance with COPPA even if your app has a wide demographic.
Inadvertent violations
Also, make sure you understand what personal information is for the purpose of this law! A few items that you may not have thought of:
- A screen name for social sites
- Photos, videos, or audio (which can contain the child)
- Geo-location information (be careful with analytics)
- Telephone (don’t act like Facebook)
- Email addresses
As you can see, it’s possible to inadvertently be collecting personal information, and you may need to make changes even though nobody has complained about your app before. You may need to carefully analyze the services you connect with, particularly analytics and customer feedback services.
The two minute test (video):
Looking for a quick video to help you decide if COPPA affects you or your apps? DevsBuild.it (by the Application Developers Alliance) has had a quick video overview of COPPA (link expired) to help you decide if it applies to you.
Are you ready for COPPA?
Hopefully now you’re a little better prepared now to handle COPPA and make sure your apps properly handle children’s privacy. Be sure to spread the word though, to make sure other developers are aware of this change.
Have you made (or will you make) any changes to your Android apps to prepare for COPPA? Leave a comment below!
I am disturbed by the permissions required by Reader Hub (which is an ebook/pdf reading program), to update their program. They require to “Reroute outgoing calls” which includes “Monitor, redirect or prevent outgoing calls” “Read phone status and identity”, which allows them to determine the remote number etc, “Read your contacts’ which they warn could allow malicious apps to share the contents of my android without my knowledge.
Is this a CIA requirement now? Surely this would put children at considerable risk if they updated their device without their parents knowledge.
I doubt that there is any legal requirement to do anything of the sort. I have no idea why those new requirements were added, but if there’s no explanation and it’s not tied to functionality in the app, uninstall it (or at least don’t install the update). As users, we shouldn’t tolerate inappropriate permissions. While there’s a very low incidence of actual malware on Google Play (and Google now scans apps as you install them, if you let it), there are apps that could misuse your information or make your phone operate in a way that you don’t want.