The data flows that power today’s digital environment move across generations and cultures; devices and software; businesses and households. Many of the currents that feed into this environment are generated by the mobile app ecosystem, where
users of all backgrounds engage with their favorite games, social media, tools, and entertainment sources.
Teenagers are major participants in this ecosystem, most notably with and through Android mobile apps. And like everyone else interacting with today’s connected world, teenagers are faced with questions and tradeoffs when it comes to the use of mobile apps and privacy.
In policy discussions about privacy today, however, much of the dialogue focuses on the privacy rights of citizens generally—sometimes through the vehicle of general privacy regulation, and sometimes through protections for specific kinds of data, such
as health data or location data. Also common are discussions about prioritizing the privacy interests of young children and whether existing legal frameworks, such as the Children’s Online Privacy Protection Act1 (COPPA), are
adequate and sustainable in today’s digital world.
The Missing Link in Policy Discussions: Teens
- 83% of U.S. mobile device owners aged 13 to 17 download an app at least once a month3
- 81% of teens use social media with 70% saying they use it multiple times a day, up from 34% in 2012
- 72% of teens believe that tech companies manipulate users to spend more time on devices
- 89% of teens have their own smartphone, more than doubling since 2012
To protect teen privacy interests, some lawmakers are proposing to raise the protected age range under COPPA to include teens. This year alone we have seen the PROTECT Kids Act, the Kids PRIVACY Act, and the KIDS Act each applying certain concepts from COPPA to children under the ages of 16 or 17.
The ideas are worthy, but the specifics are lacking. The unique teen audience is strikingly different than COPPA’s current targeted age range of under 13. Defining a website, app, or platform as a “teen space,” an age range bordering
on adulthood, is much more difficult than identifying child-directed content.
Research shows that a teen's drive for greater engagement on digital media platforms exposes them to privacy risks.4 There is a critical need to ensure that companies engaging teens in
an online environment collect data in a responsible manner, understand the unique teen audience, and have the tools and support necessary to sustain responsible data collection in an evolving regulatory atmosphere.
This study examines the current state of privacy in the Android teen app marketplace and breaks down the privacy risks that teens face with each engagement.
To assess the multiple privacy dimensions of more than 53,000 apps available in the Google Play store, the apps were divided into two categories: apps directed to a general audience, and a subset of those that were directed
The data indicate that Android-based apps likely directed to teens appear to differ substantively from general audience apps where information privacy is concerned.
Teen apps have a greater attack surface for privacy risks.
- The teen dataset requested more permissions of its users and included more in-app purchase options than apps in the general dataset.
- Median of 11 permissions requested per app
- Median of 6 “dangerous” permissions requested per app
- Median of 10 trackers integrated into each app
- For 9% of apps in the teen dataset we were unable to identify a home country for the app publisher.
Trackers observed most frequently appeared to be controlled by Facebook and Google.
The Android mobile app ecosystem is complex, populated by a variety of publishers - large and small based across the globe - that often rely on third-party software to monetize their apps through advertising or in-app purchases.
Apps function alongside powerful sensor, storage, and tracking technologies engineered into smartphones. Google, the owner of the Android platform and a powerful advertising network, and Facebook, known for its social media networks, dominate
this market through myriad tracking and ad products. Such major players are woven together with innumerable advertising technology companies to create an interlocking mesh of data exchange that funds an enormous swath of internet services.
Many consumers, including teens, engage with their favorite apps every day unaware of the hidden ecosystem that drives it.
Teen users might be targeted based on their in-app purchase spending behavior.
- The teen dataset included more ad-supported apps than the general dataset.
- 82.9% of teen apps compared to 51% of general apps
- The teen dataset had more game apps with in-app purchase options than the general dataset.
General dataset: 4 times as many game apps with in-app purchases as game apps without in-app purchases
Teen dataset: 12.6 times as many game apps with in-app purchases as game apps without in-app purchases
Why it Matters
Apps targeted to teenage users are more likely to engage in ad serving, include more third-party trackers, ask for more permissions, and offer more in-app purchases.
App developers, advertisers, and third-party technology companies routinely focus more heavily on monetizing teenage users, through advertisements and in-app purchases, as compared to general audience users. In addition, the teen dataset
included more third-party trackers and requested more permissions to data, including those defined as “dangerous” permissions. While many app developers appear to abide by the Google Play Developer policies about privacy, our
study suggests there are important questions about whether they collect or authorize the collection of excessive amounts of data.
And because Google and Facebook own the majority of trackers in teen apps, this report demonstrates how platforms such as these can combine data, collected across a variety of apps, to create a full profile of single users – what they look
like, what they sound like, where they go, who their friends and family are, where they work and live, their daily habits and interests, and even the contents of their phone.
In a world where teens are restricted from driving, voting, and making other decisions regarding their autonomy, why does the assumption exist that they can properly manage their own data privacy?
In today’s landscape, should teens be required to understand and be mindful of the inherent tradeoffs that exist between the data collection and advertising practices in the mobile apps they use and their own personal privacy?
Although the proposed laws that expand the scope of COPPA to include some teenagers are well-intentioned, we should not treat teens the same way we treat children, nor should we treat them as fully developed adults.
Given our findings and the potential rigidity of future legislative solutions, it is incumbent on industry now to exercise responsibility and show accountability by developing appropriate standards that take into account teens’ habits, preferences, and developmental state.
This study is brought to you by BBB National Programs' TeenAge Privacy Program (TAPP), a community of companies that understand the digital landscape and the complications of standards implementation that will develop the core principles and standards necessary
for teen privacy.