Pixalate’s Q2 2025 Report Uncovers 240 US-Registered Mobile Apps Across Apple, Google App Stores Likely Violating COPPA, Jeopardizing Up to 15 Million Children’s Privacy Rights

London, Aug. 19, 2025 (GLOBE NEWSWIRE) -- Pixalate, the leading ad fraud protection, privacy, and compliance analytics platform, today released the Q2 2025 State of Children’s Privacy Risk Report for Mobile Apps. The analysis reveals significant privacy gaps found in mobile apps available to download on Google Play Store and Apple App Store, potentially violating the Children’s Online Privacy Protection Act (COPPA)  by unlawfully collecting, using and sharing children’s personal information in the advertising bid stream.

Pixalate’s data science and legal teams evaluated 24,561 mobile apps classified as likely child-directed pursuant to Pixalate’s COPPA Methodology, and identified 240 U.S.-registered, advertising-enabled apps (e.g., with app-ads.txt, open programmatic ad traffic) that are likely violating COPPA, placing the online privacy and safety of up to 15 million lifetime app users– majority likely children–in jeopardy.

Key Findings Raise Concerns About Children’s Data Privacy

Privacy Policy Deficiencies. 191 (80%) of 240 covered apps that are likely violating COPPA failed to provide adequate disclosures regarding their collection, processing, or use of children’s personal information Data Transmission Practices. 15 (88%) out of 17 likely child-directed covered apps that did not have privacy notices/policies and transmitted children’s Device IDs in the advertising bid stream, as measured by Pixalate Platform Distribution. 240 U.S.-registered apps that are likely non-compliant under COPPA across the Google Play and Apple App Store have collectively accumulated  over 15 million Lifetime App Users Advertising Network Integrations. Google Ad Exchange appeared in the app-ads.txt files of 200 (83%) covered apps identified as likely non-compliant under COPPA

Understanding COPPA and Children’s Personal Information

The COPPA Rule regulates the online collection of personal information from children under 13 years old. Under COPPA guidelines, personal information encompasses individually identifiable data collected online, including:

Location Home or other physical address Contact information and security numbers Persistent identifiers such as IP addresses and device identifiers Photographs, videos, or audio recordings containing a child’s voice or image.

Top 5 US-Registered Likely Non-Compliant Mobile Apps under COPPA - Apple App Store

RankAppDeveloperDeveloper CountryLifetime App Users (US)1Magic Jigsaw Puzzles－Games HDXIMAD, Inc.UNITED STATES1.2M27 Little Words and MoreBlue Ox Family Games, Inc.UNITED STATES596K3Monkey Wrench - Word SearchBlue Ox Family Games, Inc.UNITED STATES139K4Art of Puzzles - Jigsaw GamesXIMAD, Inc.UNITED STATES106K5Dog Game - The Dogs Collector!MinoMonsters Inc.UNITED STATES98K

Top 5 US-Registered Likely Non-Compliant Mobile Apps under COPPA - Google Play Store

RankAppDeveloperDeveloper CountryLifetime App Users (US)1Mini Block CraftStartourMobsUNITED STATES1.9M2Magic Jigsaw Puzzles－Games HDZiMADUNITED STATES1.9M37 Little WordsBlue Ox Family Games, Inc.UNITED STATES902K4Addons for MinecraftKayen WorksUNITED STATES852K5Sailor CatsPlatonic GamesUNITED STATES774K

Methodology
Pixalate’s data science and legal teams analyzed 24,561 mobile devices using the following criteria:

Platform Availability. Apps downloadable from the Google Play Store and the Apple App Store during Q2 2025 Classification. Apps identified as likely child-directed, determined by Pixalate’s COPPA Methodology Advertising Integration. Apps with programmatic advertising traffic impressions targeted towards consumers within the United States. Apps with ads may also contain app-ads.txt files as detected by Pixalate’s technology or one of Pixalate’s third-party licensors Policy Analysis. Privacy policies were primarily crawled during Q2 2025 96%), while Pixalate crawled the remaining 4% of apps during Q1 2025

The complete methodology and detailed findings are available in the full report, which is available for download here.

About Pixalate
Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). pixalate.com

Disclaimer

The content of this press release, and the Q2 2025 State of Children’s Privacy on Mobile Apps Report (the ‘report’) - including all content set forth herein, reflect Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry, inclusive of advertisers, advertising technology companies, developers of mobile applications, professional advisors, non-governmental entities, and regulators.  Pixalate is sharing this report’s data–and opinions relating thereto–not to impugn the standing or reputation of any entity, person, or app, but, instead, to report opinions and suggest trends pertaining certain apps available for download via the Apple App Store & Google Play Store during the time period studied. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees.

It is important to note that the mere fact that an app appears to be directed to children or is deemed likely child-directed (e.g., data subjects under 13 years of age, as defined by COPPA), does not mean that any such app, or its operator, is failing to comply with COPPA. Further, with respect to apps that appear to be directed to children and have characteristics that, in Pixalate’s opinion, may trigger related privacy obligations and/or risk, such assertions reflect Pixalate’s opinions (i.e., they are neither facts nor guarantees); and, although Pixalate’s methodologies used to render such opinions are derived from automated processing, which at times is coupled with human intervention, no assurances can be – or are – given by Pixalate with respect to the accuracy of any such opinions.