Disclosures are severely lacking when it comes to children's apps on Apple's and Google's app stores, according to a new report (PDF) from the Federal Trade Commission. Published Monday, the FTC details its findings from 400 apps across both stores that are geared toward children, highlighting that numerous apps still collect personal data to be transmitted to marketers without parents' knowledge. In addition, the FTC said many app makers claim not to advertise to kids within their apps while simultaneously doing exactly that—another practice that concerns the FTC.

The FTC examined both the privacy policies and actual practices within each of the 400 apps selected for review, finding that only 16 percent provided a privacy policy to parents before downloading and 20 percent after downloading. Even then, the Commission found the disclosures that were provided were often full of dense, too-technical information that "would be difficult for more parents to read and understand." The report also says many policies lacked basic details like what kind of personal information would be collected, the purpose of the collection, and who would gain access to the data.

The reason for concern is valid. Some of the apps examined by the FTC transmitted not only device IDs, but also the device's phone number, geolocation, birth dates, e-mail addresses, home mailing addresses, and other information to third parties. A full 59 percent of apps tested reported some kind of personal information (usually a device ID, with a lower prevalence of sharing other info) to a third party or the app's developer, while a number of those apps actually stated in their privacy policies that they do not share that information with third parties.

"Although these figures appear low, they raise concerns for several reasons," wrote the FTC. "[T]he third parties that received this geolocation data or phone number could potentially add it to any data previously collected through other apps running on the same device." The FTC pointed out that the data was often sent to advertising networks with no disclosures on how the information would be used, and that the apps had been downloaded hundreds of thousands of times, "meaning that a significant number of consumers’ geolocation information had been shared through this small group of apps."

The FTC also took a look at disclosures when it came to advertising within the apps. The percentage of children's apps that spelled out that they contain advertising went up from a previous FTC survey—from seven percent earlier this year to nine percent. But the actual number of children's apps that contained advertising was much higher than earlier in the year, widening the gap between disclosures and reality. The Commission found that 58 percent of the apps it examined did contain ads (despite the nine percent disclosure), "[a]nd of the 24 apps that stated that they did not contain advertising, ten apps actually did contain advertising."

The findings are only part of the 42-page report on disclosures, which also looked at the number of apps that offer in-app purchases and those that provide links to social media services. But the overall message that tied these observations together was that parents are still woefully under-informed about their kids' privacy—and what they're being exposed to—when they use apps geared toward their age groups.

"[S]taff found little or no improvement in the disclosures made and, worse, a significant discrepancy between the privacy disclosures and the actual practices of the surveyed apps," concluded the FTC. "Without adequate and accurate information about apps they download for their kids, parents cannot make informed choices about their children’s privacy and exposure to social networks and other interactive features."

The Commission notes some of these disclosure discrepancies could violate the Children's Online Privacy Protection Act (COPPA) or parts of the FTC Act against deceptive practices—but noted that enforcement actions alone aren't enough to materially improve the privacy of children. Indeed, the state of California has been cracking down on mobile app makers as of late over their privacy policies, though the threats don't appear to have done much to improve the mobile landscape so far. The state sued Delta for failing to include a privacy policy on its app, and California Attorney General Kamala Harris previously notified a number of developers that if they don't have an obvious privacy policy posted, they could face fines of up to $2,500 per download. In 2011, an iOS app maker responsible for a handful of children's games, agreed to a $50,000 settlement with the FTC for collecting children's personal data.

But as the FTC said in its latest report, even apps with privacy policies aren't always telling the whole story. This story is often muddled with off-putting and confusing legal speak. Without even more straightforward communication to consumers about how their (and their kids') information is being used, we're all but guaranteed to continue seeing reports on privacy and transparency problems within mobile apps—despite whatever sanctions are already in place.