App developers Spinrilla, Top Free Games and Bearbit Studios violated the industry's mobile privacy code, a watchdog administered by the Better Business Bureau said Wednesday. Top Free Games and BearBit also may have violated the Children's Privacy Online Protection Act, according to the BBB's Online Accountability Unit.
The move marks the first time the industry has issued decisions centered on mobile apps. The ad industry unveiled a mobile privacy code in 2013, but didn't begin enforcement until last September.
Spinrilla, which streams hip-hop music, allowed third-party ad companies to collect a host of data about users -- including geolocation data and unique device identifiers -- according to the watchdog. The company didn't notify users that their precise location data would be collected by third parties, the BBB reported.
The self-regulatory group Digital Advertising Alliance's mobile privacy rules require app developers, ad networks, and other mobile ad companies to obtain consumers' explicit permission before gathering their geolocation information.
Spinrilla no longer allows third parties to collect geolocation data, the BBB said Wednesday.
The watchdog also said that Bearbit Studio's Smashy Road app and Top Free Games' Mouse Maze may have violated the Children's Online Privacy Protection Act by collecting unique identifiers from users under 13 without obtaining parental consent.
The BBB's enforcement unit said that both apps appeared to be covered by that law, because they seemed directed at children under 13. In Mouse Maze, for instance, the main character is "a cartoon mouse with exaggerated features," the watchdog writes.
Both companies unsuccessfully argued to the BBB that their apps were intended for a general audience.
Top Free Games and Bearbit told the watchdog that they have implemented age-screens and won't allow third parties to collect persistent identifiers from users younger than 13.
Top Free Games said it won't commit to a voluntary self-regulatory program because it isn't a U.S. company. But the BBB's Online Accountability unit says it "will actively monitor" the company to determine whether it is complying with the privacy code.
All three developers were also faulted for failing to provide "enhanced" notice about cross-app advertising. The industry code requires developers to provide enhanced notice if they allow ad networks (and other third parties) to collect data in order to serve users targeted ads across different apps. Often mobile developers accomplish this via links that take people directly to sites that offer information about interest-based ads.