Pixalate Discovers 286 US-Based Mobile Apps in the Google & Apple App Stores Violating the Children’s Online Privacy Protection Act (COPPA), Endangering the Privacy of Up to 18 Million Children

London, May 19, 2025 (GLOBE NEWSWIRE) — Pixalate, the global market-leading ad fraud protection, privacy, and compliance analytics platform, today released the Q1 2025 State Of Children’s Privacy On Mobile Apps Report, part of its COPPA Violation Risks in Mobile Apps series.

The report highlights app developers on the Google Play Store and Apple App Store that are at risk of violating the Children’s Online Privacy Protection Act (COPPA) for gathering children’s personal information through likely child-directed apps without a compliant privacy policy,* as assessed by Pixalate. According to Pixalate’s analysis, 100% of these likely child-directed and advertising enabled** apps shared US consumers’ personal information with advertisers via the advertising bid stream.

Children’s Online Privacy Protection Act (COPPA) Background

COPPA requires operators of apps (in this case, app developers) that collect, use, or disclose personal information from children to post an online privacy policy. To be COPPA compliant, the privacy policy must disclose (16 C.F.R. § 312.4 (d) (1-3):

• The name, address, telephone number, and email address of all operators collecting or maintaining personal information through the app;
• A description of what information the operator collects from children, including whether the operator enables children to make their personal information publicly available, how the operator uses such information, and the operator’s disclosure practices for such information;
• The procedures by which a parent can review or have deleted the child’s personal information and refuse to permit its further collection or use.

For Pixalate’s compliance technology to classify a likely child-directed app as potentially non-compliant with the COPPA Rule, one or more of the following deficiencies must be identified:

• No privacy policy URL was detected in the app stores.
• A URL claiming to link to a privacy policy was detected in the app stores, but neither the page it led to nor any linked pages (in headers / footers) were identified as privacy policies by Pixalate’s compliance technology.
• A privacy policy URL was detected, but it likely did not meet the disclosure obligations of the COPPA Rule, according to Pixalate’s analysis.

Key State Of Children’s Privacy On Mobile Apps Report Findings

• Compliance Issues: 17% (286) of the identified advertising enabled and likely child-directed mobile apps were likely non-compliant with COPPA
  • 17 mobile apps did not have a detectable privacy policy
• Missing Disclosures: 79% (225) of the identified mobile apps with ads lacked a Children’s Privacy disclosure – a requirement under the COPPA Rule
• Sensitive Data Concerns: 53% (153) of the mobile apps with ads that were likely non-compliant under COPPA requested sensitive data permissions, such as location, camera access, audio, etc.
• Data Sharing Risks: 72% (207) of the identified likely non-compliant ad-enabled mobile apps in the Google Play and Apple App Stores shared US consumers’ location data with advertisers in the ad bid stream

Top 5 US-Registered Likely Non-Compliant Mobile Apps under COPPA – Apple App Store

Top 5 US-Registered Likely Non-Compliant Mobile Apps under COPPA – Google Play Store

For this report, Pixalate’s legal and data science teams analyzed the privacy policies of over 24K likely child-directed apps enabled for programmatic advertising (e.g., has ad impressions targeted towards US Consumers). These apps were available for download from the Google Play Store and Apple App Store in Q1 2025.

For the complete list and the methodology, download the report here.

*References to ‘without a privacy policy/policies’ or ‘no detected/detectable privacy policy/policies’ imply that Pixalate’s proprietary systems were unable to detect or identify a purported privacy policy/notice URL at the time of crawling the App Stores pursuant to Pixalate’s proprietary privacy policy detection and classification system. Based on Pixalate’s methodology and analysis, all of the identified apps generally exhibit characteristics aligned with the child-directed factors under the COPPA Rule, suggesting that these apps likely appeal to, or may predominantly be used by, children.

**References to advertising-enabled mobile apps, or apps with ads are those that have open programmatic advertising traffic, with ad impressions targeted towards United States based consumers at the time of crawling.

To learn more, please review the report’s methodology.

About Pixalate

Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). pixalate.com

Disclaimer

The content of this press release, and the Q1 2025 State of Children’s Privacy on Mobile Apps Report (the ‘report’) – including all content set forth herein, reflect Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry, inclusive of advertisers, advertising technology companies, developers of mobile applications, professional advisors, non-governmental entities, and regulators. Pixalate is sharing this report’s data–and opinions relating thereto–not to impugn the standing or reputation of any entity, person, or app, but, instead, to report opinions and suggest trends pertaining certain apps available for download via the Apple App Store & Google Play Store during the time period studied. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees.

It is important to note that the mere fact that an app appears to be directed to children or is deemed likely child-directed (e.g., data subjects under 13 years of age, as defined by COPPA), does not mean that any such app, or its operator, is failing to comply with COPPA. Further, with respect to apps that appear to be directed to children and have characteristics that, in Pixalate’s opinion, may trigger related privacy obligations and/or risk, such assertions reflect Pixalate’s opinions (i.e., they are neither facts nor guarantees); and, although Pixalate’s methodologies used to render such opinions are derived from automated processing, which at times is coupled with human intervention, no assurances can be – or are – given by Pixalate with respect to the accuracy of any such opinions.

Wall St Business News, Latest and Up-to-date Business Stories from Newsmakers of Tomorrow