1,248 APAC Mobile Apps Violating COPPA: Protecting Children's Privacy (2026)

Over 100 Million U.S. Children’s Privacy at Risk: Pixalate Exposes Shocking Violations in APAC-Registered Mobile Apps

In a startling revelation, Pixalate’s Q3 2025 report has uncovered a massive breach of children’s privacy, with 1,248 mobile apps registered in the Asia-Pacific (APAC) region violating the Children’s Online Privacy Protection Act (COPPA). These apps, available on both the Apple App Store and Google Play Store, have collectively impacted 117 million child-app users in the United States, raising serious concerns about the safety of children’s personal information online. But here’s where it gets controversial: many of these apps are failing to disclose how they collect, process, or use children’s data, leaving parents and guardians in the dark.

The Alarming Findings

Pixalate’s data science and legal teams analyzed 23,097 mobile apps classified as likely child-directed, identifying 7,524 registered in the APAC region. Among these, 1,248 apps were found to be in violation of COPPA. Here’s a breakdown of the key issues:

1. Privacy Policy Deficiencies: A staggering 77% of the violating apps (962 out of 1,248) failed to provide adequate disclosures about their data practices, leaving users unaware of how their children’s information is being handled.
2. No Privacy Policies at All: 78 apps had no detectable privacy policy, yet 92% of these (72 apps) unlawfully transmitted users’ IP addresses in the advertising bid stream.
3. Data Transmission Practices: 96% of the violating apps (1,198) shared Device IDs of U.S.-based users, potentially exposing children’s identities to advertisers.
4. Platform Distribution: These 1,248 apps have amassed over 117 million lifetime users, with the majority likely being children.
5. Advertising Network Integrations: Google Ad Exchange appeared in the app-ads.txt files of 45% of the non-compliant apps (558), highlighting the role of major ad networks in this privacy crisis.

Understanding COPPA and Its Implications

COPPA regulates the online collection of personal information from children under 13, including location, contact details, IP addresses, and even photos or videos. However, the report reveals that many APAC-registered apps are blatantly disregarding these rules, putting children’s privacy at risk. And this is the part most people miss: even apps that seem harmless, like coloring books or driving simulators, may be secretly harvesting sensitive data.

Top Offenders: Who’s Exposing Your Child’s Data?

Here are the top 5 APAC-registered apps likely violating COPPA on both major platforms:

Google Play Store:
1. Brain Out®: Can you pass it? (India) – 12.5M users
2. SAKURA School Simulator (Japan) – 7.5M users
3. Megapolis: City Building Sim (Hong Kong) – 7M users
4. Blockman Go (Singapore) – 6M users
5. 3D Bowling (Singapore) – 3M users

Apple App Store:
1. Coloring Book -Color by Number (Hong Kong) – 564.8K users
2. Paint.ly: Color by Number (Hong Kong) – 454K users
3. Makeup ASMR: Makeover Story (India) – 374K users
4. Car Driving Simulator Games (Australia) – 301K users
5. Puzzrama Pixel (China) – 226K users

The Methodology Behind the Report

Pixalate’s analysis was based on:
- Platform Availability: Apps downloadable from Google Play and Apple App Store in Q3 2025.
- Classification: Apps identified as likely child-directed using Pixalate’s COPPA Methodology.
- Advertising Integration: Apps with programmatic ads targeted at APAC consumers.
- Policy Analysis: Privacy policies crawled during Q3 2025.

The Bigger Question: Who’s to Blame?

While Pixalate’s report sheds light on these violations, it also raises a controversial question: Are app developers, ad networks, or platform providers more responsible for this privacy crisis? Some argue that platforms like Google and Apple should enforce stricter compliance, while others believe developers must take greater accountability. What do you think? Should there be harsher penalties for non-compliance, or is the onus on parents to monitor their children’s app usage?

About Pixalate

Founded in 2012, Pixalate is a global leader in privacy compliance, ad fraud prevention, and digital ad supply chain intelligence. Trusted by regulators, advertisers, and tech platforms, Pixalate is accredited by the MRC for detecting Sophisticated Invalid Traffic (SIVT).

Disclaimer: This report reflects Pixalate’s opinions and is not intended to impugn any entity or app. The findings are based on proprietary technology and analytics, which are continuously evaluated and updated.

Call to Action: Is your child’s favorite app on this list? Share your thoughts in the comments—are you concerned about these privacy violations, or do you believe it’s an overblown issue? Let’s start a conversation about protecting our children’s digital future.