New FTC COPPA Privacy Policy for Apps For Children

staytoooned · May 16, 2013, 2:14pm

We develop apps for children and we received a letter yesterday from the FTC that flagged our apps for violating the new COPPA privacy policy for apps that are targeted to children. We use Corona SDK to develop and build our apps. Corona, by default, has enabled the collection of analytics and UDID information. This clearly violates the new privacy policy. When I spoke to a representative from the FTC, I was told that the violation was the collection of a persistent identifier such as a UDID and analytics in apps for children. For the past two years, I was completely unaware that Corona Labs enabled this on our apps. Now we have to go the expense and time to update all of our apps because of this deception. If this is not taken care of before July 1, 2013 we will be fined a considerable amount of money. We hold Coronal Labs responsible.

I need to know HOW TO TURN OFF ANALYTICS and be reassured that there is absolutely no collection of data whatsoever with the latest Corona builds. I feel that the collection of data should be left to the customer not to the company and this should not be our responsibility to turn off!!!

davidstarter · May 16, 2013, 6:12pm

Hi Staytooned - I am about to put up a blog post that addresses this. Stay tuned…

staytoooned · May 16, 2013, 6:14pm

Thanks David!

bjsorrentino · May 16, 2013, 7:05pm

Hi @staytoooned,

This is now clarified in the blog post that David just posted here:

http://www.coronalabs.com/blog/2013/05/16/update-on-corona-and-coppa-privacy-policies/

Hope this helps!

Sincerely,

Brent Sorrentino

jmaher · May 16, 2013, 8:52pm

Isn’t it true that right now calling gameNetwork overrides the launchPad = false setting?

So it would seem that you can’t use certain features (Game Center, ads) on a children’s app without risking the wrath of the FCC?

davidstarter · May 16, 2013, 9:05pm

jmaher - what you say (that gamenetwork/ads overrides the setting) was true many months ago. We changed that a while back and so it now is never overridden. However, not all of our docs have been updated to reflect that - but we are working on that.

I can’t give an opinion on what the FTC will do if you use certain 3rd party services on a children’s app - but it certainly seems like you should be aware of the issue and are comfortable with how they are using your data.

jmaher · May 16, 2013, 9:38pm

Thanks for clarifying that, David. Was that change build-dependent (only true for certain builds onwards)?

davidstarter · May 16, 2013, 9:42pm

jmaher - yes, that’s correct. But I dont know what build that was right now. I do know it has been at least 2 months, if not more…

rob · May 16, 2013, 9:55pm

Yes, they were build dependent changes. Once you release an app, we can’t go back and retroactively change the app.

jmaher · May 16, 2013, 11:54pm

Rob, I understand and appreciate that you can’t change my app.

However, what I am wondering is if you build NOW with an older build, will this be an issue? If so, it would be useful to know what build changed this behavior. (As opposed to a change that happened on your build servers or the analytics server.)

rob · May 17, 2013, 12:49am

Your code has to contact our servers, so if you build with an older version that has it still turned on, then it’s going to try and transmit it. The controls that determine if you are using the launchPad analytics is in your config.lua. We would have no way on the server to know if you wanted it on or off. Keep in mind many people want this on so we can’t blindly kill it on the server.

guillopuyol · May 17, 2013, 5:40pm

I was wondering… If my app doesn’t collect any data from users other than what Corona SDK and InMobi ads collect, will I be in compliance?

Of course I know nobody here is an attorney and your answer will not be considered ‘official’ I just want to understand what other developers are doing.

davidstarter · May 16, 2013, 6:12pm