Jun 29, 2014 - 0 Comments - Data -

COPPA & user data in a kids’ app: the case for Parse

Cool Robin

Making apps for kids, and remaining within the bounds of the COPPA regulations, can be a tricky business, especially where user data is concerned. Our first app, Robin’s Challenge, finishes with a fun little colouring page. We wanted our app not just to introduce children to British birds and wildlife, but also to give them a taste of the power and versatility of networked software. Allowing our users to upload their drawings to our website, to compare with others from kids around the world, was a perfect way to do this.

After careful reading of the regulations, long discussions, and some legal advice, we were able to narrow the issues that specifically related to this feature of the app down to the following:

[To comply with COPPA, apps must] provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children

It goes without saying that this requirement is a much-needed method of forcing app developers to take their users’ rights and safety seriously. However, there was no way we could feasibly create a system whereby each user had to provide us with explicit, “verifiable” parental consent before we then updated the app to provide the user with the upload functionality. Our only solution was to avoid this process altogether, and collect no regulated information (essentially, anything that can be used to identify the child) about our user whatsoever.

Enter Parse. I have a day job, and I am not a PHP developer, and the prospect of creating a server ecosystem that could handle uploads and display them on our website in real time was not attractive. The main problem, however, was how to give our young users the freedom to draw and colour in whatever they wanted, and allow them to be able to recognise their drawings amongst all the others, without collecting any personal identifiable information, and retaining some control over what ended up on our website. The last thing we wanted was for our website to turn into an open public platform ripe for vandalism.

Parse allowed me to solve all these problems with a simple sidestep. There are other similar services we could have used, but of those I looked at (including Firebase, Dropbox, and PubNub), none seemed to offer the ease of implementation – of what would turn out to be a fairly complex solution, technically – that Parse could (of course, correct me if I’m wrong). With Parse I was able, less than 30 lines of code, to build a process that worked as follows:

  1. User saves drawing with title, taps “upload”
  2. App uploads drawing + title to our Parse account
  3. Using its “Cloud Code” feature, Parse uses Mandrill (an email API from MailChimp) to send me an email containing a thumbnail of the drawing, the title, and an “approve” link
  4. If the drawing and title contain no personal info, and nothing offensive, I hit “approve” in the email. Otherwise, I go into Parse directly and delete the upload permanently
  5. Parse marks the drawing and title as approved, and whenever someone goes on the “gallery” page of our website, all the Parse uploads marked as “approved” are immediately retrieved

This allows us to keep control of our website, wherever we are and at any time, while also opening up our website to the creativity of our users. And so far, it hasn’t cost us a penny.

If you would like to see some code, let me know in the comments below and I will post some up.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>