This post is also available in:
עברית (Hebrew)
A U.S. regulatory investigation has concluded that a popular educational robot app unlawfully allowed the collection of children’s location data—without proper parental consent. The U.S. Federal Trade Commission (FTC) announced a settlement this week with Apitor Technology, the maker of STEM-focused robot kits aimed at children.
At the center of the issue is Apitor’s mobile companion app, which is used to control and program its robot kits—sold widely online and intended for children aged 6 to 14. According to the FTC, the Android version of the app required users to enable location sharing in order to connect with the robot. However, the app also included third-party software that collected precise geolocation data without parental knowledge or permission.
The data collection violated the Children’s Online Privacy Protection Act (COPPA), which mandates that companies must obtain verifiable parental consent before collecting personal information from children under 13. The FTC found that no such consent was requested from users of the Apitor app, whether they registered or used it as guests.
The data was accessed through a software development kit (SDK) known as JPush, developed by a China-based company, Aurora Mobile (also known as Jiguang). Once activated, the SDK could gather sensitive location information and potentially use it for targeted advertising or other purposes unrelated to the app’s function.
Although Apitor has not admitted wrongdoing, it has agreed to comply fully with COPPA regulations going forward. As part of the settlement, the company must inform parents before any data collection involving children, obtain clear consent, delete data upon request, and limit data retention to what is strictly necessary.
The FTC imposed a $500,000 penalty, which will be suspended due to the company’s financial claims. However, if Apitor is found to have misrepresented its ability to pay, the full amount may be reinstated.
The case underscores the privacy risks associated with connected children’s products, especially when third-party software is embedded in apps. It also highlights the importance of transparency in the handling of data from young users—something regulators are watching closely.
