Two Democratic senators are calling on federal regulators to investigate whether children’s apps improperly collect personal data and whether app stores are misleading parents by labeling the apps as child-friendly.
Senators Edward J. Markey of Massachusetts and Richard Blumenthal of Connecticut sent a letter to the Federal Trade Commission on Wednesday saying they were concerned that thousands of apps may “improperly track children and collect their personal information.”
The senators asked the agency to examine whether the apps, and the advertising companies they work with, were violating a federal law to protect children’s privacy online. The law requires sites and apps aimed at children under 13 to obtain verifiable permission from a parent before collecting personal details from a child, such as an email address, a precise location, a phone number or persistent digital ID codes that are used for behavioral advertising.
The senators also asked the agency to examine how app stores like Google Play vet the apps they categorize as child-friendly and ensure the apps comply with the privacy law.
“It’s clear that many companies are violating that law,” Mr. Markey said in a phone interview, “and that we need to put a spotlight on it and ensure that that type of activity is stopped cold.”
The letter cited a New York Times article published last month that described how multiple children’s apps sent personal information, including precise location and tracking ID numbers, to outside companies. The apps, with names like Fun Kid Racing and Masha and the Bear: Free Animal Games for Kids, offered animated games and videos. Many of them are so simple a toddler could play them.
The Times also found programs in Google’s Play store and Apple’s App Store that were labeled appropriate for children but, once downloaded, sent personal data without verifiable parental consent. Apps on the Apple platform sent less data over all.
Those findings were consistent with academic research published this year. The researchers analyzed nearly 6,000 free children’s Android apps and found that more than half shared data in ways that could violate the law.
Last month, the New Mexico attorney general sued the maker of Fun Kid Racing, along with online ad businesses run by Google, Twitter and three other companies. The suit accused the companies of violating the children’s privacy law. It also argued that Google misled parents by allowing the apps to remain in the children’s section of its store and failed to act swiftly when researchers contacted the company with concerns that thousands of apps might be improperly tracking children.
A Google spokesman, Aaron Stein, said its family program “requires developers” to comply with the federal children’s privacy law and that the company would “take action” if an app was found to violate its policies.
An Apple spokesman, Tom Neumayr, said developers must follow strict guidelines about tracking in children’s apps.
In their letter, Mr. Markey and Mr. Blumenthal asked the Federal Trade Commission to determine the extent to which app developers and their advertising partners were complying with the children’s privacy law. They called on regulators to examine the kinds of personal details that apps collect from children and share with advertising companies, as well as how app developers make sure their products adhere to the law.
The senators also asked the agency to scrutinize how advertising firms with policies prohibiting children’s apps from using their services make sure app developers comply.
This week, The Times retested one of the apps from the earlier article, Masha and the Bear, and found that the Android version continued to send precise location information and other data to tracking companies. The iOS version also still sent a tracking ID number to an advertising company, although it did not send location data.
Google and Apple did not respond to specific questions about that app. In an email, Indigo Kids, the Cyprus-based maker of the Masha app, said it was working on “solving this problem in order to avoid committing this violation in the future.”
Aaron Krolik contributed research.