
Kids' privacy in apps: what parents should check before downloading

A 5-minute audit that tells you if a kids app is actually safe. Six specific things to look for — and what the answers usually reveal.

The Rooteen team · 5 min read

Most parents try to vet the apps their kids use. Most parents don't have a background in tech privacy, so the "vetting" often looks like: search the App Store, read the one-paragraph description, look at the age rating, install.

That's not enough. App Store age ratings are self-reported and permissive. A "4+" rated app can still ship with third-party ad tracking, location collection, data sharing with 20 companies, and external web links with no parental gate. All of that is technically allowed.

Here's a 5-minute audit that actually works. You don't need to be technical — you need to know where to look and what the answers mean.

The six checks

1. Is it in the Kids Category on the App Store?

Look at the app's App Store page. Under the name, it either says "Age 4+" / "Age 9+" etc. alone, OR it says "Kids — Ages X–Y" with a little "Kids" badge.

The Kids Category is an active opt-in by the developer. Apps in it are subject to stricter rules — no third-party ads in most cases, no external links without a parental gate, COPPA compliance required. Apps outside Kids Category can still target kids without any of those protections.

Quick read: Kids Category = developer accepted the rules. Age rating alone = developer just declared a number.

2. What does the "Privacy Nutrition Label" actually show?

Scroll down the app's App Store page to "App Privacy." You'll see one of three options:

  • Data Not Collected — the app collects nothing. Rare; usually means it genuinely doesn't need anything.
  • Data Not Linked to You — data collected but not tied to identity. Usually acceptable for analytics.
  • Data Used to Track You — data is being shared with third parties for cross-app / cross-site tracking. This is the red flag.

Under each category you'll see a list of what they collect (identifiers, usage data, location, contacts, etc.). For a kids app, the "Data Used to Track You" section should ideally not exist at all. If it does, that's the end of the audit — move on.

3. Read the Privacy Policy, specifically for "third parties"

The app links its privacy policy from the App Store page and usually inside the app. Open it. Use Cmd-F (or long-press + Find on iOS) and search for "third part," which matches both "third party" and "third parties."

For each mention, ask: what are they sharing, and with whom?

Language to trust:

  • "We do not share data with third parties."
  • "Data is stored exclusively in Apple's iCloud / CloudKit."
  • Specific named services with a clear role ("We use Stripe to process payments.")

Language to distrust:

  • "We may share data with partners to improve our services."
  • "We work with advertising networks to show relevant content."
  • "Data may be transferred to third parties for business purposes."

The vague language isn't legal necessity — it's deliberate. Companies are specific when they want you to trust them and vague when they don't want you to notice what they're doing.
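For anyone reviewing many policies, the same search can be scripted. This is an added example, not Rooteen's code: it pulls out every sentence that mentions sharing and sorts it using the phrasings from the two lists above. The patterns and the three verdict names are assumptions made for this sketch, and a "trust" verdict is a triage hint, not a substitute for reading the sentence.

```python
import re

# Sentences worth reading: sharing vocabulary from the article's examples.
# "third[\s-]part" also catches the hyphenated "third-party", which a plain
# in-page search for "third part" misses.
MENTION = re.compile(r"third[\s-]part|partner|advertis|shar|transfer|\bwe use\b", re.I)

# Hedged phrasings from the article's "language to distrust" list.
VAGUE = re.compile(
    r"\bmay (?:share|be transferred)\b|\bpartners?\b|\badvertising networks?\b"
    r"|\bbusiness purposes\b|\bimprove our services\b", re.I)

# A flat denial of sharing, and words that turn a denial into a carve-out.
DENIAL = re.compile(r"\b(?:do|does|will) not share\b", re.I)
CARVE_OUT = re.compile(r"\b(?:except|unless|other than)\b", re.I)

# A named service with a stated role, e.g. "We use Stripe to process payments."
NAMED_ROLE = re.compile(r"\b[Ww]e use [A-Z][\w&.-]* to \w+")


def classify(sentence):
    """Return 'trust', 'distrust' or 'review' for one policy sentence."""
    if DENIAL.search(sentence) and not CARVE_OUT.search(sentence):
        return "trust"
    if VAGUE.search(sentence):
        return "distrust"
    if NAMED_ROLE.search(sentence):
        return "trust"
    return "review"  # mentions sharing but matches no known phrasing


def audit(policy_text):
    """Return (verdict, sentence) for every sentence that mentions sharing."""
    sentences = re.split(r"(?<=[.!?])\s+", policy_text.strip())
    return [(classify(s), s) for s in sentences if MENTION.search(s)]


# Constructed sample policy text (not taken from any real app).
SAMPLE_POLICY = (
    "We collect usage data to fix crashes. "
    "We do not share data with third parties, except partners who help improve our services. "
    "We use Stripe to process payments. "
    "Data may be transferred to third parties for business purposes. "
    "Third-party SDKs are described in a separate document."
)

if __name__ == "__main__":
    for verdict, sentence in audit(SAMPLE_POLICY):
        print(f"{verdict:9} {sentence}")
```

The second sample sentence shows why a denial alone is not enough: "We do not share" followed by "except partners" is sorted as distrust.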

4. Are there ads?

This one is fast. Open the app, spend 60 seconds in it, look for banner ads, interstitials, or "sponsored" content. In theory, Kids Category apps aren't supposed to have third-party ads. In practice, a few sneak through.

Also watch for in-app purchases that can be triggered by a child. A kid-accessible purchase flow (tap → dialog → buy) without a parental gate is a rejection-eligible App Store violation, but some apps ship with it anyway.

Good sign: when you tap anything that might lead to buying something, iOS shows an Apple-provided parental gate before the purchase dialog. If it doesn't, the app isn't designed for unsupervised kid use.

5. What happens when you tap an external link?

In the app, find any link that goes outside (the privacy policy itself, a "Rate this app" button that opens the App Store, a "Visit our website" link). Tap it.

Two possible behaviors:

  • A parental gate (math problem, press-and-hold, "ask a parent" screen) appears before you leave. This is what Kids Category requires.
  • The link opens immediately. Not ideal — it means a kid can tap outbound to any URL the app points at, with no friction.

A lot of otherwise-fine apps fail this specific check because their developers didn't realize the rule applied. Safer apps gate every external link.

6. Does it have a "Delete all my data" flow?

In the app's settings, look for "Delete account" or "Delete all data." Apple requires this for any app that creates a user account. More importantly, it's a signal: apps that take data seriously make it one tap to remove; apps that don't take it seriously hide the option behind a customer-service form or simply don't provide one.

This check doubles as a test of the app's data story. A healthy app can delete your data because it knows where all of it is. An unhealthy app can't delete your data cleanly because copies are scattered across third-party analytics, marketing tools, and backup systems.

What the answers usually reveal

Run the six checks on three apps your kid uses. You'll notice a pattern:

  • Apps built specifically for kids 8–13 on iOS, with a small team, usually pass all six cleanly.
  • Apps owned by large consumer companies tend to fail check 2 (data used to track) and check 3 (vague third-party sharing).
  • Apps that started as adult products and added a "kids mode" tend to fail check 4 (ads) and check 5 (external links).
  • Apps you've never heard of from developers you can't easily find online tend to fail check 6 (no data deletion).

The audit takes 5 minutes

We'd argue it's the highest-leverage thing a parent can do before downloading anything their kid will use daily. Kid-facing apps get access to hours of attention, notifications, location signals, usage patterns, potentially audio and images. The cost of getting it wrong is high; the cost of checking is low.

A few specific apps are good test cases if you want to calibrate: open the App Store, look up a popular kids game from a big publisher, and run the six checks. Then run them on a Kids Category app from a small developer. The difference is often dramatic and educational.

Our bar

Since Rooteen is itself an app for kids, here's what we did on each check, for reference:

  1. Kids Category, yes — Ages 9–11 bracket.
  2. Privacy label: Data Not Collected. We don't collect anything that leaves your iCloud.
  3. Third-party sharing: none. Privacy policy is explicit; nothing transits our servers because we don't have servers for user data.
  4. Ads: none. Neither third-party nor first-party. No "sponsored" content.
  5. External links: gated. The few outbound links (privacy policy, App Store) sit behind parental gates.
  6. Data deletion: one tap in Settings, wipes everything from iCloud.

That's the standard we'd want for anything our own kids use. It's not hard to meet — it mostly requires a decision up front to build that way. You'll find which apps made that decision, and which didn't, in about 5 minutes.


Rooteen was built COPPA-compliant, data-in-your-iCloud-only, no ads, no trackers. iOS 8–13.
