Bold claim: A massive privacy blind spot hides in APAC mobile apps, and it could affect the personal data of millions of children. Now, here’s how the story unfolds and why it matters to parents, developers, and regulators alike.
Pixalate released the Q3 2025 State of Children’s Privacy Risk Report for Asia-Pacific Mobile Apps, revealing that 1,248 APAC-registered apps listed on Google Play and Apple App Store may be violating the Children’s Online Privacy Protection Act (COPPA). The analysis indicates these apps may be unlawfully collecting, using, and sharing children’s personal information within the advertising bid stream, a concern that could impact privacy for an estimated 117 million child-app users in the United States.
Scope and methodology
Pixalate’s team, combining data science with legal review, examined 23,097 mobile apps classified as likely child-directed under Pixalate’s COPPA methodology. Of these, 7,524 were identified as APAC-registered.
Key findings and what they mean for privacy
- Privacy policy gaps: Among the 1,248 APAC-registered apps that appear likely to violate COPPA, 962 (77%) lack adequate disclosures about how children’s data is collected, processed, or used.
- Absence of privacy policies: 78 APAC-registered child-directed apps lacked a detectable privacy policy, and among these, 72 (92%) transmitted users’ IP addresses in the advertising bid stream in an unlawful manner.
- Data transmission practices: A striking 1,198 (96%) of the COPPA-violating APAC apps shared Device IDs associated with US-based users in the advertising bid stream.
- Scale of impact: The 1,248 APAC-registered apps flagged as COPPA non-compliant have together reached over 117 million lifetime app users, with the majority likely being children.
- Ad network integrations: Google Ad Exchange appeared in the app-ads.txt files of 558 apps (45%) identified as COPPA non-compliant.
A quick primer on COPPA
COPPA governs online collection of personal information from children under 13. Personal information under COPPA includes location data, home or physical addresses, contact details, persistent identifiers (such as IP addresses and device IDs), and multimedia content like photos, videos, or audio that contain a child’s voice or image.
Top non-compliant APAC apps by store
Google Play Store
1) Brain Out: Can you pass it?, Focus Apps (India) — 12.5M lifetime US users
2) SAKURA School Simulator, Garusoft LLC (Japan) — 7.5M
3) Megapolis: City Building Sim, Social Quantum Ltd (Hong Kong) — 7M
4) Blockman Go, Blockman GO Studio (Singapore) — 6M
5) 3D Bowling, Italic Games (Singapore) — 3M
Apple App Store
1) Coloring Book - Color by Number, Doodle Mobile Limited (Hong Kong) — 564.8K
2) Paint.ly: Color by Number, PICFUN TECH LIMITED (Hong Kong) — 454K
3) Makeup ASMR: Makeover Story, JUNGFRAU TECH PTE. LTD. (India) — 374K
4) Car Driving Simulator Games, Better Games Studio Pty Ltd (Australia) — 301K
5) Puzzrama Pixel, Translimit, INC. (China) — 226K
Methodology at a glance
Pixalate analyzed apps against four criteria:
- Platform availability: Apps downloadable from Google Play and Apple App Store during Q3 2025.
- Classification: Apps identified as likely child-directed using Pixalate’s COPPA Methodology.
- Advertising integration: Programs with impressions targeting consumers in the Asia Pacific region, including the presence of app-ads.txt or other ad-traffic signals detected by Pixalate or licensor partners.
- Privacy policy analysis: Crawling and evaluating the presence and content of privacy policies during Q3 2025.
About Pixalate
Pixalate specializes in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Since 2012, it has served regulators, researchers, advertisers, publishers, ad tech platforms, and financial analysts across CTV, mobile apps, and websites. Pixalate is accredited by the MRC for detecting and filtering Sophisticated Invalid Traffic (SIVT).
Disclaimer and context
The report presents Pixalate’s interpretations of the data and trends observed in apps available on the official Apple App Store and Google Play Store during the studied period. It does not imply universal non-compliance by every app or operator. Automated processing underpins much of the analysis, occasionally supplemented by human review, but no guarantees are offered about the absolute accuracy of every opinion. The release is intended to illuminate potential privacy risks and inform industry discussion, not to single out individuals or brands.
Engaging questions
- Do these COPPA gaps reflect broader standards across other regions, or are APAC apps uniquely at risk?
- What responsibilities should app platforms bear when detected policy gaps in child-directed apps, and how should enforcement evolve?
- How can parents and guardians better protect children’s data if a seemingly popular app lacks clear privacy disclosures?
If you’d like, this rewrite can be tailored for a specific audience (parents, developers, policy makers) or adapted to a shorter or longer format with additional examples or clarifications.
