Are you looking for a high-tech gift for a youngster this Christmas? Maybe a smartphone or a tablet already seems like a permanent extension of your child's arm.
In either case, here's something that might surprise you: Most apps designed for kids secretly collect private information such as phone numbers, device IDs and even physical locations, according to a new study by the Federal Trade Commission.
You probably won't be surprised to learn that this information is often used to build consumer profiles and target them with personalized advertising. Sometimes it's shared with third parties. But, as the FTC pointed out, that seldom includes parents.
"In fact," FTC Chairman Jon Leibowitz said, "our study shows that kids' apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents."
By now, savvy adults understand that privacy in a wireless world is as mythical as a jolly elf sliding down the chimney with an iPad or a smartphone equipped for Web surfing, status updates, texts, tweets and all kinds of online games.
Children are more vulnerable. Some parents may believe their kids are shielded from data miners by the Children's Online Privacy Protection Act. The federal law, passed in 1998, requires online services designed for children 12 and under to get a parent's permission before collecting and sharing personal information.
Yet the FTC's survey of mobile apps available from the Google Play and Apple App stores found that almost 60 percent transmitted device IDs to the developer or a third party without disclosing that fact to parents. Some also recorded and transmitted locations and phone numbers.
"Further," an FTC report said, "a number of apps contained interactive features — such as advertising, the ability to make in-app purchases, and links to social media — without disclosing these features to parents prior to download."
In some cases, advances in technology are outpacing legal protections for online privacy. In others, app developers simply may be flouting the law.
Earlier this year, the FTC levied a $1 million fine against a company that collected data without permission from children visiting fan websites for pop stars, and it has launched an investigation into the practices of the app developers.