Apple volleys age verification question back to sites and apps

Apple has released a white paper that lays out its position on age assurance and outlines new tools it will roll out to “help parents protect their kids in a way that is designed around privacy.” It also formally and firmly states its belief that the responsibility for age assurance measures should be on apps offering age-restricted content – and not app stores that offer them for download.

Its publication has drawn a response from Meta, which is among the loudest firms saying that age assurance should be handled by app stores, continuing a back-and-forth that has also drawn in the porn industry and digital rights activists.

Data minimization argument hinges on question of scale

Apple’s main argument against having to ask users for proof of age when downloading apps hinges on data minimization.

“The digital world is increasingly complex,” Apple’s white paper declares, “and the risks to families are ever-changing, including the proliferation of age-inappropriate content and excessive time on social media and other platforms.” Its new safety features will make it easier for parents to set up Child Accounts and “allow them to share information about the age range of their kids with apps to enable developers to provide only age-appropriate content, all without needing to share their birthdate or other sensitive information.”

In doing so, Apple is wisely offering an alternative to biometric age verification or age estimation tools – and not-so-subtly implying that, when it comes to the free speech arguments the porn and social tycoons have been slinging around to put age assurance on anyone else, the question of scale matters.

Because most apps don’t have age restrictions, Apple says, and therefore don’t need users to verify their age or undergo age estimation, making anyone who wants to download an app do so is invasive. In other words, most everyone who has a phone uses apps, but not everyone who uses apps uses them for every purpose.

“After all, we ask merchants who sell alcohol in a mall to verify a buyer’s age by checking IDs – we don’t ask everyone to turn their date of birth over to the mall if they just want to go to the food court,” the paper says. “Requiring age verification at the app marketplace level is not data minimization. The right place to address the dangers of age restricted content online is the limited set of websites and apps that host that kind of content.”

Declared Age Range API requests age range info once parents allow it

Apple says its Declared Age Range API gives kids the ability to share their confirmed age range with developers, but only with the approval of their parents, so that as little personal information as possible is collected. “The age range will be shared with developers if and only if parents decide to allow this information to be shared, and they can also disable sharing if they change their mind. And it won’t provide kids’ actual birthdates.”

Apple calls it a “narrowly tailored, data-minimizing, privacy protecting tool to assist app developers who can benefit from it, allowing everyone to play their appropriate part in this ecosystem.”

“And the limited subset of developers who actually need to collect a government issued ID or other additional sensitive personal information from users in order to meet their age-verification obligations can still do so, too. All in all, it gives developers a helpful addition to the set of resources that they can choose from – including other third-party tools – to fulfill their responsibility to deliver age-appropriate experiences in their apps.”

Meta struggles to snap back; AVPA, Yoti see it as step in right direction

Meta, as mentioned, does not particularly like the move. Reuters quotes Meta spokesperson Stephanie Otway, who says “parents tell us they want to have the final say over the apps their teens use, and that’s why we support legislation that requires app stores to verify a child’s age and get a parent’s approval before their child downloads an app.”

The age assurance industry, however, seems much more receptive, weighing in on LinkedIn to offer cautious optimism. The Age Verification Providers Association (AVPA) calls it “a welcome move from Apple to improve the mechanics of the parental controls they offer for their app store.” AVPA supports the U.S. “Shielding Children’s Retinas from Egregious Exposure on the Net” (SCREEN) Act, which states that self-assertion is not adequate, that age verification should be applied to all visitors who are determined to be visiting from an IP address within the U.S., and that online service providers can choose between third-party providers for age assurance.

Yoti CEO Robin Tombs says the DAR API will be helpful for many child focused apps. “But it will still be for lawmakers and regulators to decide which types of content, products and services are age restricted and require effective, or highly effective age assurance. Parental vouching/assertion of a child’s age is a level of confidence up from child self assertion but understandably it is not deemed highly effective age assurance by Ofcom.”

Too many parents, says Tombs, admit to letting their children enter false ages to access content or services some they think their children are old enough for, thereby undermining the whole enterprise.

“Parental vouching is unlikely ever to be deemed highly effective because two years after a parent has falsely vouched their 13 child was 16+, a regulator is unlikely to allow a business to rely on that 15 year old child’s parent vouched age evidence to buy alcohol online, play 18+ games, buy vapes online, watch online porn or sign up to online dating sites.”

Article Topics

age estimation  |  age verification  |  app stores  |  Apple  |  AVPA  |  children  |  data privacy  |  digital identity  |  Meta  |  Yoti