fbpx

What Parents Need to Know About Privacy in Mobile Games: Five Tips for Your Parenting Toolkit

Written by Stacy Feuer, Sr. Vice President, Privacy Certified
October 28, 2022

With teens, tweens, and even toddlers using smartphones and tablets, it’s no surprise that mobile games continue to be among the most popular apps. There are lots of upsides to games-to-go for your kids, from entertainment to stress management, and even education! As with all types of products consumed by children, though, parents and caregivers need to stay involved. As we advised in What Parents Need to Know About Mobile Games, there are many steps you can take to make sure your kids have appropriate experiences playing mobile games. That’s true, too, when it comes to protecting your children’s privacy.

Whether your children are using your device or their own, it likely contains lots of sensitive information like personal contacts, location data, photos, and browsing history. And, like most app developers, many mobile game companies make money by selling data and serving ads to their users. That’s especially the case for free-to-play games that don’t cost anything to play up front.

Whether they’re free or not, mobile games and apps use tracking technologies to collect information from and about players. Developers use gameplay data to improve their games, customize the experience, measure progress, iron out bugs, serve personalized ads, detect cheats, comply with laws, and more. To do so, they collect all sorts of data — everything from your child’s birthday and location to what in-game purchases they made.

There are, of course, laws that govern the collection and use of kids’ information. And app stores and game developers also offer many privacy tools for both children and adults. Despite this, it can be hard for parents and caregivers to figure out the maze of privacy laws, settings, and features. So, here are some tips to help protect your children’s privacy.

We’ve pulled together five tips to help protect your children’s privacy and are rolling one out each day. Our first tip? Start by looking for the app store privacy labels and the apps’ privacy policy. Here’s how.

 

Tip #1: Look for Privacy Labels and Policies

Most of the games your children play will be ones you or they have downloaded from either the Google Play Store (Android) or the Apple App Store (iOS). As you’ve heard before, you should always check for age and content ratings before your children play games to ensure that the game is age appropriate. ESRB ratings are displayed for all games in the Google Play store.

What you might not know is that the app stores have also introduced “labels” for privacy modeled on nutrition labels on products in the grocery store. Instead of information about calories and nutrients, they have information about a game’s privacy policy and data collection practices. Apple’s “Privacy Information” labels and Google’s “Data Safety” labels differ somewhat, but both have links to the game’s full privacy policy, explain the types of data the game is collecting, what the data will be used for, and whether the game is sharing information with third parties.

The labels aim to be user-friendly and written in plain English, but they can still be difficult to understand. Here are a few things to focus on when looking at a privacy label in Google Play or the Apple App store:

  • What information the app collects and uses about gamers (including child users) via their account, device, or other details)
  • Whether the app collects “location” data, and, if so, whether it is “coarse” (meaning general information such as the city or town you live in) or “precise” (meaning your specific geographic address); and
  • Whether the app potentially shares users’ information with third parties.

 

The app stores have also introduced “labels” for privacy modeled on nutrition labels on products in the grocery store. Instead of information about calories and nutrients, they have information about a game’s privacy policy and data collection practices.

Of course, the labels aren’t perfect. Not all game developers have posted privacy labels, and Google and Apple don’t verify companies’ self-reported info. Plus, some labels do have errors – usually unintentional, due to mistakes or misunderstandings. But they are an important starting point for understanding what kind of data a game collects from its users and your kids, more specifically, and how companies use and share that information.
Review and update privacy settings & permissions periodically on the mobile apps that your kids play
Another source of information is a company’s privacy policy. Many mobile game companies now have simple short-form policies or dashboards summarizing key privacy facts such as what information is gathered in a game, where it goes, how it gets used, and whom to contact if you have a problem or question. You can view an example of a short form privacy policy in the ESRB Rating Search app (Android | iOS). And if you want more information, you can always review a company’s full-length privacy policy, which provides much greater detail.

It’s best to look at a game’s privacy label and privacy policy before your kids start playing. If you want more information afterwards, you can check out Google’s Privacy Dashboard on your Android device to see which apps accessed your child’s data and when. You can also check out the App Privacy Report in your iOS device’s settings to see how often your child’s location, photos, camera, microphone, and contacts have been accessed during the last seven days. Together with the privacy labels, these features can give you a more complete picture of how the apps your children use treat their privacy.

Almost all video game apps have to collect some personal information to function. But if you want to minimize the amount of personal data that is collected, used, and shared about your child, you can look for games that make clear that they won’t use kids’ personal information for any marketing, online advertising, employ any third-party tracking that would directly identify a child, or collect and share precise location information. The privacy labels and other features offered by the app stores such as family programs can help you figure that out.

Tip #2: Use Parental Controls and Permissions

You can set privacy controls and permissions for the mobile games and apps your children play and download, just like the parental controls you use on your kids’ video game consoles. Some game companies allow you to enable privacy features (such as limiting which players can see your game activity) that would normally share identifying information.

Review and update privacy settings & permissions periodically on the mobile apps that your kids playAlso, both Apple and Google have settings for families that help you protect your children’s privacy by allowing you to restrict information sharing about your child’s location and block targeted advertising. Even if you block targeted ads, your child may still receive contextual advertising. Although you can’t stop advertising completely, you can limit inappropriate ads by buying the paid version of the game (if available), putting your child’s phone in airplane mode for simple games that don’t require an online connection, or using a third-party ad blocker.
You can also take advantage of other privacy-protective features that the app stores offer to all users. You can access Apple’s complete controls here and Google’s here.

You can also teach your kids to consult with you or say no to permissions that pop up in-game asking for data. That includes requests for your precise location, the contacts in your phone, pictures, or anything else that could identify you or your child. Explain that they should just say no to permissions that ask for access to anything that has to do with health, money, or making changes to the phone’s hardware.

Take advantage of family controls and other privacy-protective features from the app stores like Apple’s “Families” and Google’s “Family Link.” You can access Apple’s complete set of privacy controls here and Google’s here.

One of the most publicized developments is Apple’s App Tracking Transparency feature. If an app collects users’ data to track them across other apps and websites, the developer must send you a notification and receive your permission before they can track and share your activity. Apple automatically activates this feature if your children have an iPhone set up with a kids account. You can also toggle a setting, so these requests are denied automatically.

Late last year, Google introduced a similar feature that prevents apps from collecting the user’s advertising ID, which is used for ad tracking, when the user is opted out of personalized ads on Android 12. Google won’t allow developers to transmit the advertising ID from children in apps targeting children, such as those in the Families Link program. If you opt out of tracking, your kids will still be able to play most games although some features might not be available. Additionally, Google announced in August that it would block ad targeting based on the age, gender, or interests of users under 18, and also turn off location history for users under 18. Google plans to “start rolling out these updates across our products globally over the coming months,” so we are hopeful that they’ll implement this fully by the end of 2022.

You can also just say no. Before you grant permissions to any new app your kid is using or wants to download, review which permissions the app requires. See if they correspond to gameplay. For example, if a simple alphabet game for preschoolers wants access to your phone number or contact list, just say no. Your kid may still be able to play the game, although the developer may limit its functionality. You can also look for a privacy-friendly alternative.

Take some time to explore privacy and permissions that make sense for you and your family. And remember to review and update them periodically as game companies roll out new features and your kids mature and change.

Tip #3: Look for the ESRB Privacy Certified Seal

You’re probably already familiar with ESRB’s content ratings for video games and apps, but did you know that ESRB also has special icons certifying a company’s compliance with ESRB’s privacy requirements? ESRB Privacy Certified is a membership-based program that works mostly with companies in the toy and video game industries. We review our members’ products for compliance with the federal Children’s Online Privacy Protection Act (“COPPA”) and state privacy laws, as well as global rules, platform standards, and best practices.
ESRB Privacy Certified seals show compliance with the COPPA and rigorous program requirements
We have two seals: (1) the ESRB Privacy Certified Kids Seal, which covers games directed or targeted to children, and (2) the ESRB Privacy Certified Seal for games that are not primarily directed to and do not target children.

The Kids Seal links to a confirmation page on our ESRB website, which confirms that a company is a member of our program, shows the seal(s) the member is approved to use, and provides a link to the member’s online privacy policy. The Federal Trade Commission (FTC), the United States’ leading privacy agency, has approved our Kids Seal requirements. Every year we provide a confidential annual report to the FTC detailing our compliance work with our members on children’s privacy.

When you see one of our ESRB Privacy Certified seals in a mobile app, you can be assured that we’ve reviewed the company’s privacy practices and policies thoroughly.

When you see one of our seals in a mobile app (often in or near the app’s privacy policy), you can be assured that we’ve reviewed the company’s privacy practices and policies thoroughly. We conduct an initial assessment to make sure the company’s product complies with applicable laws and the company’s actual practices are described accurately and fully. We also conduct two comprehensive reviews annually of each participant’s policies, practices, and products to help members remain compliant.

You can also find ESRB’s Privacy Certified seals on websites and connected toys. For more information about ESRB Privacy Certified, check out our website and blog. You can also follow us on LinkedIn and Twitter.

Tip #4: Don’t Let Your Children Lie About Their Ages

When companies know that children under the age of 13 are playing their games, they are required by law to follow the federal Children’s Online Privacy Protection Act (COPPA). COPPA and its associated Rule issued by the Federal Trade Commission (FTC) gives parents control over what information companies can collect from kids under 13 years of age through their websites, apps, and other online services, including mobile games. It's important that kids enter the correct date of birth at age gatesUnder COPPA, companies with games, apps, and other services “directed to children” or who know that kids under 13 are using their game must:

  1. Notify you of how they use your kid’s information
  2. Get your express consent (known as “verifiable parental consent”) before collecting, using, or disclosing your child’s personal information
  3. Allow you to review and request deletion of your child’s information.

Under COPPA, a game company can’t condition participation in a game on a child disclosing more information than is necessary. They’re also prohibited from using information for commercial purposes such as targeted marketing and advertising that are unrelated to gameplay. This is part of why it’s so important to make sure you or your kid enters an accurate birthdate or age when signing up for a new game!

Beyond COPPA, recently enacted privacy laws in states like California, Colorado, Connecticut, Utah, and Virginia give kids and their parents additional privacy rights. Some extend certain privacy rights to teens. For example, several of these state laws prohibit companies from selling or sharing teenagers’ (typically ages 13-16) personal information without their consent or the consent of their parent or guardian. You can ask that a mobile game company not sell or share your child’s information by making a request using a form or email address available from the company’s app or website.

Other laws, such as California’s recently-passed Age Appropriate Design Code Act, require companies to set privacy controls in games and other products to the most-protective level for all users under the age of 18.

Make sure your children enter their ages accurately so they can benefit from legal protections tailored to protect kids’ personal information.

Companies that don’t follow these rules can get in a lot of trouble. The FTC and state law enforcers have slammed mobile game companies that failed to comply with COPPA with large fines and other penalties. And more enforcement is likely on the way. Along with our other tips, making sure that your children enter their ages accurately will help ensure that they benefit from legal privacy protections tailored for kids and teens.

Tip #5: Communicate with Your Kids

Tip #5: Communicate with Your KidsOur first four tips are privacy-specific while this last one applies to many parenting challenges: Communicate with your kids! Talk with them about what they should know and can do to protect their privacy online. If your kids are young, you can tell them to come to you or simply say no to all in-game requests for information. If your children are older, you can teach them how to use privacy settings and permissions.

You can also educate them in an age-appropriate way about the consequences of sharing too much personal information in a game. These can range from compromising the security of online accounts to attracting cyberbullies to damaging their personal reputation. Let them know that they can come talk to you if they’ve posted something online that they later realize is too personal (you can help them get it deleted) or if they’re receiving inappropriate advertisements, messages, or other communications. (You can report inappropriate ads to Apple and Google.)

Make sure your kids know they can turn to you for help in protecting their personal data and preferences, and that you know where to find answers and advice.

Sometimes, in a rush to play a game, your child might simply click “yes” on permissions, or even falsify their age, but when they understand how their personal data and preferences may be used, or more importantly misused, most kids will become more interested in managing their own privacy online. Make sure they know they can turn to you for help, and that you know where to find answers and advice.
Protecting your kids’ privacy in mobile games may sound overwhelming, but the benefits of playing games far outweigh the risks. Our tips – together with ESRB’s Family Gaming Guide and our “What Parents Need to Know” blogs can help you protect your kids’ privacy online.

• • •

If you have more questions about kids’ privacy in mobile apps or you want to learn more about our program, please reach out to us through our contact page to learn more about our program. Be sure to follow us on LinkedIn for more privacy-related updates.

• • •

Stacy Feuer Headshot As senior vice president of ESRB Privacy Certified (EPC), Stacy Feuer ensures that member companies in the video game and toy industries adopt and maintain lawful, transparent, and responsible data collection and privacy policies and practices for their websites, mobile apps, and online services. She oversees compliance with ESRB’s privacy certifications, including its “Kids Certified” seal, which is an approved Safe Harbor program under the Federal Trade Commission’s Children’s Online Privacy Protection Act (COPPA) Rule.

Tags: , , , , , , ,

Related Articles

No related articles.

Share

Proud member of

Logo of IARC - International Age Rating Coalition

Search ESRB.org

© 2024 Entertainment Software Association. The ESRB rating icons are registered trademarks of the Entertainment Software Association. All other trademarks are the property of their respective owners. All Rights Reserved.