How Apps Collect Data From Children

Understanding data collection practices in children's apps and games and how to limit exposure

BG
Ben Gillenwater March 11, 2025

The Hidden Data Ecosystem in Children's Apps

When children play games, use educational apps, or engage with social platforms, they're not just consuming content—they're also generating valuable data that's collected, analyzed, and often shared with third parties. This data collection happens largely invisibly, with many parents unaware of its scope and potential implications.

While data collection isn't inherently harmful, children deserve special privacy protections. Their data is particularly sensitive, they lack the capacity to give meaningful consent, and information collected during childhood can potentially follow them for decades, affecting future opportunities and experiences.

The Scope of the Issue:
  • 67% of popular free children's apps collect and share identifying information without proper parental consent
  • 15% of children's apps collect geolocation data that could reveal a child's physical location
  • 80% of American parents are concerned about companies collecting data from their children
  • 95% of the most downloaded apps for children ages 5 and under contain at least one form of advertising

What Data Is Being Collected?

Children's apps and services collect a surprisingly wide range of information. Understanding what's being gathered is the first step toward making informed decisions about your child's digital privacy.

account_circle

Identity Information

Personal details that can identify a child as an individual.

  • Name and username used to create accounts or profiles
  • Email address for account creation, marketing, and authentication
  • Birth date ostensibly collected for age verification but often used for marketing
  • Photos and avatars uploaded to personalize profiles
  • Voice recordings from voice-activated features or search

Example:

Many social gaming platforms require children to create profiles with usernames, profile pictures, and sometimes personal information like age or location to "enhance" the social experience.

location_on

Location Data

Information about where a child physically is or has been.

  • Precise GPS coordinates from location-based games or features
  • IP addresses that can reveal general location information
  • Wi-Fi information that can be used to determine location patterns
  • Bluetooth data that can track proximity to other devices

Example:

Even apps without obvious location features often request location permissions for "improved service" when the actual purpose is to gather marketing data or enable location-based advertising.

devices

Device Information

Technical data about the device a child is using.

  • Device identifiers (IMEI, UDID, advertising ID) that uniquely identify devices
  • Operating system and version information
  • Browser type and settings
  • Screen resolution and device orientation
  • Battery level and charging status

Example:

Game apps often collect detailed device information ostensibly for optimization, but this data can also be used for fingerprinting (identifying users across services) and targeted advertising.

touch_app

Behavioral Data

Information about how a child interacts with an app or service.

  • Usage patterns (time spent, features used, buttons clicked)
  • Content preferences (what videos are watched, games played, etc.)
  • Search history within the app
  • Social interactions (friends, messages, likes, shares)
  • In-app purchases and spending patterns

Example:

Video platforms track exactly what children watch, how long they watch it, what they skip, and what keeps their attention—data used to refine recommendation algorithms and target ads.

school

Educational Data

Information related to learning and academic performance.

  • Academic performance in educational apps
  • Learning patterns and difficulties
  • Time spent on different educational activities
  • Responses to questions and challenges
  • Progress metrics and completion rates

Example:

Educational apps may track detailed performance data, sometimes linking it to personal identifiers that could follow a child throughout their academic career.

How Data Collection Happens

Children's data is gathered through various technological methods, many of which operate without visibility to parents or children:

Software Development Kits (SDKs)

SDKs are pre-built packages of code that developers integrate into apps to add functionality. Many popular SDKs primarily exist to collect user data:

  • Advertising SDKs gather information for targeted advertising
  • Analytics SDKs track user behavior within the app
  • Social SDKs (like "Login with Facebook") can collect data across platforms

Research shows that the average children's app contains 7 third-party SDKs, many of which collect and transmit data without transparent disclosure.

APIs and Web Services

Apps connect to external servers and services that may collect additional data:

  • Content delivery networks that serve images and videos
  • Social media integrations that allow sharing but also track activity
  • Cloud services that store user data and activity logs

Tracking Technologies

Various technologies enable persistent tracking across sessions and devices:

  • Cookies in browser-based games and applications
  • Device fingerprinting that identifies devices based on unique characteristics
  • Advertising identifiers that allow cross-app tracking

Permissions-Based Collection

Apps request device permissions that enable data access:

  • Location permissions that enable geographical tracking
  • Camera and microphone access that may capture environmental data
  • Contact and address book permissions that expose social connections
  • Storage access that allows scanning of device content

Why Companies Collect Children's Data

Understanding the motivations behind data collection can help parents evaluate the trade-offs between functionality and privacy:

Primary Business Models

  • Advertising: The dominant model for "free" apps, where user data enables targeted advertising
  • Data selling: Some companies generate revenue by selling user data to data brokers or other third parties
  • Product improvement: Data used to enhance features, fix bugs, and develop new products
  • Personalization: Tailoring content and experiences based on collected data
  • Engagement optimization: Analyzing behavior to make products more "sticky" and habit-forming

The Data Economy

Children's data is particularly valuable in the broader data ecosystem:

  • Early consumer profiling: Building marketing profiles from a young age
  • Family influence: Using children's data to target entire households
  • Longitudinal value: Data collected early has long-term commercial potential
  • Predictive power: Early behavioral data can predict future preferences and behaviors
The Value of Children's Data:

Children's data is highly valued in advertising and marketing ecosystems because:

  • Children influence an estimated $500 billion in annual household spending
  • Early brand relationships formed in childhood often persist into adulthood
  • Data collected over time creates comprehensive consumer profiles
  • Children's digital habits provide insights into emerging trends and preferences

Privacy and Security Risks

Extensive data collection creates several potential harms for children:

Short-Term Risks

  • Targeted advertising: Exposure to manipulative marketing techniques
  • Filter bubbles: Content recommendation systems that limit exposure to diverse perspectives
  • Behavioral manipulation: Design features that exploit developmental vulnerabilities
  • Location tracking: Physical safety concerns from revealing children's whereabouts
  • Data breaches: Exposure of personal information through security incidents

Long-Term Risks

  • Digital profile creation: Permanent records that follow children into adulthood
  • Future discrimination: Data used for educational, employment, or insurance decisions
  • Identity theft: Children's clean credit histories make them targets for identity thieves
  • Loss of autonomy: Diminished ability to define one's own identity separate from data profiles
  • Chilling effects: Self-censorship and behavioral changes due to awareness of surveillance

Various laws attempt to protect children's privacy, though significant gaps remain:

Legislation Key Protections Limitations
COPPA
(Children's Online Privacy Protection Act)
  • Requires parental consent for collecting data from children under 13
  • Mandates privacy policies and parental access to children's data
  • Restricts marketing to children without parental permission
  • Only applies to services "directed to children" or with "actual knowledge" of child users
  • Many apps claim they're not for children despite child-friendly design
  • Enforcement is challenging and violations are common
GDPR
(General Data Protection Regulation)
  • Requires parental consent for processing data of children under 16 (can be lowered to 13 by member states)
  • Mandates privacy by design and default
  • Includes right to erasure ("right to be forgotten")
  • Only applies to EU residents (though has influenced global standards)
  • Implementation varies by country
  • Doesn't fully address behavioral advertising to children
CCPA/CPRA
(California Consumer Privacy Act/Privacy Rights Act)
  • Requires opt-in consent for selling data of children under 16
  • Provides right to access and delete personal information
  • Includes special protections for sensitive data
  • Only applies to California residents
  • Complex compliance mechanisms that many parents don't understand
  • Exceptions for various business purposes
FERPA
(Family Educational Rights and Privacy Act)
  • Protects privacy of student educational records
  • Gives parents right to access and correct educational records
  • Requires consent for disclosure to third parties
  • Only applies to schools receiving federal funding
  • Doesn't cover many educational apps used outside school settings
  • Contains exceptions for "legitimate educational interests"

Practical Strategies to Protect Children's Data

While perfect privacy is challenging in today's digital ecosystem, these practical approaches can significantly reduce your child's data exposure:

search

Research Before Downloading

Investigate apps before allowing children to use them:

  • Read privacy policies with particular attention to data collection and sharing practices
  • Check privacy ratings on platforms like Common Sense Media or the Privacy Not Included guide
  • Look for privacy certifications like COPPA Safe Harbor or kidSAFE
  • Search for privacy controversies or data breaches related to the app
  • Read parent reviews that mention privacy or ads
tune

Configure Privacy Settings

Optimize settings to minimize data collection:

  • Review and adjust in-app privacy settings after installation
  • Limit permissions to only what's necessary for core functionality
  • Disable location tracking unless absolutely necessary
  • Opt out of personalized advertising when possible
  • Turn off "analytics" or "improvement program" options
  • Disable third-party integrations and social sharing features
account_balance_wallet

Consider Paid Alternatives

Evaluate privacy-focused business models:

  • Look for apps with up-front purchase prices rather than "free" ad-supported models
  • Consider subscription services that don't rely on advertising revenue
  • Research companies that explicitly prioritize privacy in their business model
  • Be willing to pay for quality content and services that respect privacy
devices

Use Device-Level Protections

Leverage built-in privacy features:

  • Enable "Limit Ad Tracking" or similar options in device settings
  • Reset advertising identifiers periodically
  • Use kids-specific modes like "Kids Space" on Android or "Screen Time" on iOS
  • Use privacy-focused browsers and extensions:
    • Switch to privacy-respecting browsers like Firefox or Safari (Apple devices) instead of Chrome or Edge
    • Install EFF Privacy Badger to automatically block invisible trackers
  • Regularly review and manage app permissions at the device level
  • For tech-savvy parents: Implement DNS filtering solutions like NextDNS at the network level (on your router) or per-device basis to block malware, ads, adult content, and non-kid-friendly services with customizable filtering rules and monitoring capabilities
school

Teach Privacy Literacy

Help children understand privacy implications:

  • Explain data collection concepts in age-appropriate ways
  • Teach critical thinking about "free" services and why companies want their data
  • Show children how to review permissions and privacy settings themselves
  • Discuss the concept of a digital footprint and its long-term implications
  • Encourage questions about why apps need certain information
voice_over_off

Minimize Personal Information

Reduce the identifiable data you provide:

  • Use generic usernames that don't contain real names or birth years
  • Consider using a family email address for children's accounts
  • Avoid apps that require extensive personal information
  • Don't fill optional fields in profiles
  • Be cautious with profile photos and avatars
Advanced Protection for Tech-Savvy Parents: Technical Solutions

For parents with technical knowledge, these tools offer comprehensive protection against data collection and harmful content:

1. DNS Filtering

  • What is DNS filtering? DNS (Domain Name System) filtering blocks connections to unwanted websites and services at the network level before data is transmitted
  • Service recommendation: NextDNS offers easy-to-configure DNS filtering with extensive customization
  • Implementation options:
    • Router-level: Protect all devices on your home network simultaneously
    • Device-level: Create separate profiles with unique filtering rules for each family member
    • App-based: Install on mobile devices for protection anywhere they go
  • Protection capabilities:
    • Block known trackers, analytics, and advertising networks
    • Filter inappropriate content categories (adult content, violence, gambling)
    • Block specific apps and services from connecting to the internet
    • Prevent malware, phishing, and scam websites
  • Monitoring: View logs and analytics showing blocked requests and attempted connections

2. Privacy-Focused Browsers and Extensions

  • Privacy browsers:
    • Firefox - Open-source with robust privacy features and transparent data practices
    • Safari (Apple devices only) - Built-in tracking prevention and privacy protections
  • Privacy extensions:

Red Flags: When to Avoid an App

Some warning signs indicate potentially excessive or problematic data collection practices. Consider avoiding apps that:

  • Request unnecessary permissions unrelated to core functionality (e.g., a drawing app requesting location access)
  • Have vague or excessive data collection policies in their privacy statements
  • Lack a specific children's privacy policy despite being designed for or appealing to children
  • Share data with numerous third parties for advertising or analytics
  • Have a history of privacy violations or data breaches
  • Are developed by companies with questionable data practices in other products
  • Require account creation for basic functionality that shouldn't need it
  • Have inappropriate or excessive advertising, particularly ads that aren't age-appropriate

The Path Forward: Advocating for Children's Privacy

Beyond individual protection strategies, systemic changes are needed to better safeguard children's digital privacy:

Policy and Regulatory Approaches

  • Strengthening existing laws like COPPA with broader coverage and stricter enforcement
  • Implementing privacy by design requirements for children's products
  • Establishing data minimization principles for children's services
  • Creating clearer accountability structures for violations
  • Developing international standards for children's privacy protection

Market and Industry Solutions

  • Privacy-centered business models that don't rely on data monetization
  • Industry self-regulation with meaningful accountability
  • Privacy certification programs with rigorous standards
  • Privacy-enhancing technologies designed specifically for children's products
  • Transparent, age-appropriate privacy communications for children and parents

Educational Initiatives

  • Digital literacy curriculum in schools that includes privacy concepts
  • Resources for parents to understand digital privacy
  • Age-appropriate privacy education for children at various developmental stages
  • Professional development for educators on privacy issues

Balancing Benefits and Protection

The goal isn't to completely disconnect children from digital experiences, which offer valuable educational and social benefits. Rather, the challenge is finding a balance that allows children to enjoy the advantages of technology while preserving their privacy and autonomy.

By understanding how data collection works, implementing practical protection strategies, and advocating for stronger safeguards, parents can help ensure that their children's digital experiences enhance rather than compromise their future.

As we navigate this complex landscape, the guiding principle should be that children deserve to grow up with both technological opportunity and the fundamental right to privacy—a right that becomes increasingly difficult to reclaim once it's compromised.

Sources: Federal Trade Commission (FTC), Common Sense Media, International Digital Accountability Council, Internet Matters, Electronic Privacy Information Center (EPIC), Future of Privacy Forum, National Center for Biotechnology Information (NCBI), WeLiveSecurity, CBS News, PR Newswire

Protect Your Child Today

Start with our step-by-step guide to setting up your child's iPhone safely

Get the Guide