The Hidden Data Collection in Kids' Apps
TL;DR: That "free" kids' app? It's probably collecting way more data than you think—location, voice recordings, browsing habits, even behavioral patterns. Some sell it to third parties, others use it to create disturbingly accurate profiles of your child. Here's what's actually happening, which apps are the worst offenders, and how to lock down your family's privacy without going full digital hermit.
Your 7-year-old is playing what looks like an innocent puzzle game. Meanwhile, that app is quietly logging their location every 30 seconds, recording which ads they tap on, tracking how long they play, and potentially sharing all of it with dozens of data brokers you've never heard of.
Welcome to the kids' app economy, where "free" means "your child is the product."
Let's get specific about what these apps are hoovering up:
The Obvious Stuff:
- Name, age, email (sometimes yours, sometimes theirs)
- Device ID and type
- IP address and general location
The Creepy Stuff:
- Precise GPS location (sometimes updated continuously)
- Voice recordings from in-app features
- Photos and videos from your camera roll
- Contact lists
- Browsing history and search queries
- Screen time and usage patterns
- In-app behavior (what they click, how long they linger, what makes them quit)
The "Wait, What?" Stuff:
- Keystroke patterns (yes, how your child types)
- Facial recognition data from selfie features
- Biometric data in some "educational" apps
- Cross-app tracking (following them around the internet)
- Social connections (who they interact with in multiplayer games)
A 2023 study found that 95% of the most popular kids' apps share data with third parties. Not just anonymized usage stats—actual identifiable information about your child.
Not all apps are created equal. Some categories are particularly aggressive:
Free-to-Play Games: Games like many knock-off apps trying to ride the coattails of Roblox or Minecraft are often data collection machines wrapped in cartoon graphics. They're "free" because they're monetizing your kid's data and attention.
Social Apps: Anything with messaging, photo sharing, or social features is collecting relationship data, conversation patterns, and building social graphs of children. TikTok has faced intense scrutiny for its data collection practices, but it's hardly alone.
"Educational" Apps: These often request permissions they don't need—like why does a math flashcard app need access to your microphone and location? Some edtech apps have been caught selling student data to advertisers.
YouTube Kids: While YouTube Kids is better than regular YouTube, it still collects viewing history, search queries, and device information. Google's entire business model is built on data, and that doesn't stop at the kids' app threshold. Check out this guide on YouTube vs. YouTube Kids for more context.
Your kid's data doesn't just sit in a database. It gets:
Sold to advertisers who want to target children (or their parents) with spooky precision. Ever notice ads for toys your kid mentioned once? Yeah.
Shared with data brokers who aggregate information from multiple sources to build comprehensive profiles. These profiles can follow your child for years.
Used for AI training without your knowledge or consent. Your child's drawings, voice, and behavioral patterns might be training the next generation of AI models.
Accessed by third-party SDKs (software development kits) that app developers embed to add features. Each SDK can have its own data collection practices, and developers often don't fully understand what they're allowing.
In some documented cases, data has ended up in the hands of foreign governments, been breached in hacks, or been used in ways that violate COPPA (Children's Online Privacy Protection Act).
COPPA is supposed to protect kids under 13, requiring parental consent for data collection. But the law is from 1998 (when "online" meant AOL chatrooms) and has massive loopholes:
- Apps can claim they're "not directed at children" even when kids are the primary users
- "Verifiable parental consent" can be as flimsy as checking a box
- The law doesn't cover teenagers at all (13-17 year olds have almost no privacy protection)
- Enforcement is spotty—the FTC is overwhelmed and under-resourced
Some apps are technically compliant with COPPA while still being privacy nightmares.
This isn't just abstract privacy concerns. Real things that have happened:
- A children's smartwatch app exposed the real-time location of thousands of kids
- An educational app's data breach revealed students' names, birthdates, and school information
- Targeted ads have shown children inappropriate content based on their behavioral profiles
- Colleges and employers are starting to access long-term data profiles that began when kids were young
Beyond immediate risks, we're creating the most surveilled generation in history. Kids are growing up never knowing privacy, being constantly tracked and analyzed. The long-term psychological effects? We're only beginning to understand them.
Alright, enough doom. Here's your action plan:
Before Downloading Any App:
-
Read the privacy policy (I know, I know—but at least skim it). Look for phrases like "share with third parties" or "advertising partners."
-
Check the permissions it requests. If a coloring app wants your location and microphone, that's a red flag.
-
Look for a privacy certification. The kidSAFE Seal Program and COPPA Safe Harbor certifications aren't perfect, but they're something.
-
Search "[app name] privacy concerns" before downloading. If there's been controversy, you'll find it.
After Installing:
-
Deny unnecessary permissions. Go to your device settings and revoke location, camera, microphone, and contacts unless absolutely needed. Most apps will still work fine.
-
Turn off ad personalization in your device settings:
- iOS: Settings → Privacy → Tracking → Ask App Not to Track
- Android: Settings → Privacy → Ads → Opt out of Ads Personalization
-
Use a kid-specific device profile with restricted permissions rather than letting them use your main profile.
-
Create a separate email for kids' apps instead of using your main family email. This limits cross-platform tracking.
Better Alternatives:
Consider paid apps over free ones. A $3.99 app that doesn't collect data is cheaper than a "free" app that monetizes your kid's privacy. Some genuinely privacy-respecting options:
- Khan Academy Kids (actually free AND privacy-respecting—rare combo)
- Epic! for reading (subscription-based, minimal data collection)
- Toca Boca games (paid apps with strong privacy practices)
- ABCmouse (subscription-based, COPPA certified)
For gaming, consider Nintendo Switch games over mobile free-to-play options—you pay upfront, but you're not the product.
Have the Conversation:
Even young kids can understand the basics:
"Some apps try to learn things about you so they can show you ads or sell that information. That's why we're careful about which apps we use and what information we give them."
For older kids, talk about digital footprints and how data collection now can affect them later. Make it less about fear and more about informed choices.
The kids' app economy is built on surveillance. That's not hyperbole—it's the business model. "Free" apps need to make money somehow, and they've chosen to monetize your child's data, attention, and behavior.
You don't have to become a privacy extremist or ban all apps (though honestly, your kids would probably benefit from fewer apps anyway). But you do need to be intentional. Treat app downloads like you'd treat letting a stranger into your home—because in a very real sense, that's what you're doing.
Start with one thing: This week, go through your kid's device and check the permissions for their top 5 most-used apps. Revoke anything that seems unnecessary. That's it. You've just meaningfully improved your family's privacy in 10 minutes.
The tech companies are betting on parent overwhelm—that you'll be too busy, too confused, or too tired to push back. Prove them wrong.
Next Steps: