Nationwide, battles are brewing about how best to protect children online. Courts are deciding on the constitutionality of new age-assurance laws, and lawmakers in several states and Congress are considering how best to ensure kids have age-appropriate experiences online.
The Developers Alliance believes that protecting children’s privacy is the responsibility of every parent, developer, and platform, and we commend lawmakers for addressing this issue. This is a critically important issue, and requires careful consideration. However, some state and federal age verification proposals—and laws passed in Texas, Louisiana, and Utah—threaten to burden the vast majority of apps that do not offer age-based experiences, while leaving massive loopholes for web apps, console and VR apps, and apps that come pre-installed on mobile devices.
Instead of targeting apps that provide age-based experiences like dating and social media apps, these proposals would saddle every app, including educational games or weather apps, with compliance costs they cannot afford and data liability they do not want.
Developers deserve smart age verification regulations that protect children and preserve the current app ecosystem, not flawed one-size-fits-all proposals.
Blanket Age Verification Requirements Lack Common Sense
A one-size-fits-all approach is not the most effective solution. The federal proposal App Store Accountability Act (ASAA) and state bills like Michigan Senate Bill 284 and Ohio House Bill 226 would require app stores to determine the age of every user, and then transmit this data to every app they download, regardless of what the app is or what experience it provides users.
This blanket approach treats all apps the same—whether they’re geared toward adults, offer different experiences based on the user’s age, or are general, all-purpose, and appropriate for users of all ages. As Ohio app owner Arijit Sengupta points out, safe apps like his will face barriers to entry, as guardians must approve every download their minor tries to make. Even more concerning, our recent data shows that 60% of Michigan developers and 77% of Ohio developers don’t even have a reason to know their users’ ages. But proposals like ASAA, MI SB 284, and OH HB 226 would force them to receive sensitive age data anyway.
Extreme Compliance Costs Hurt Small Teams
Forcing all apps to receive and safely store sensitive age data is a compliance nightmare. Small teams likely lack the necessary time, money, and staff to update their apps to comply with new laws. It is estimated that over 3.5 million small teams will need to update their apps, costing them about $20,000.
Even after updates are made, teams will likely struggle to find the bandwidth to receive and store additional data, especially sensitive data like age signals and birthdays. Fifty-five percent of Michigan developers and 60% of Ohio developers estimate it will cost over $10,000 a year to receive and store this age data. For small and independent developers, this crushes their bottom lines.
Loopholes Shift Responsibility & Put Kids at Risk
Blanket age verification only works for apps trying to avoid responsibility. Dating and social media apps can be easily accessed on desktops and mobile phones. Proposals like ASAA, MI SB 284, and OH HB 226 fail to take this into account, meaning minors would still be exposed to the dangers posed by dating and social media apps.
Developers Alliance Supports Balanced, More Targeted Approaches to Age Verification
Developers and families deserve regulations that prioritize children’s safety and hold accountable the apps and platforms that provide adult-oriented experiences.
Age verification laws should require age signals and parental consent only where necessary—specifically for applications that provide different experiences for users under 18 or allow mature content. In this way, responsibility should fall on apps that pose risks to minors. Small developers agree, as 93% of Michigan developers and 95% of Ohio developers believe apps that provide different experiences to users based on age, such as dating apps, should be responsible for verifying users’ ages and ensuring the experience aligns with their age.
Bills that only require age signals when necessary—like The Parents Over Platforms Act (POPA) and Ohio House Bill 302—protect families while keeping compliance practical. They give small developers the freedom to innovate without being weighed down by unnecessary costs associated with handling age signals for apps that are already safe for all ages.
The Developers Alliance also urges lawmakers to close loopholes. POPA, for example, regulates web versions of mobile apps, helping restrict children’s access to mature websites.
POPA also takes a privacy-first approach. It prohibits the use of children’s data to target ads, and bans developers from using age signals to reverse-engineer a user’s identity. It instead relies on simple signals, intrusive ID checks.
Looking Ahead
We urge lawmakers to reject one-size-fits-all mandates like the ASAA, MI SB 284, and OH HB 226, which expose children’s data to millions of apps and leave backdoors open via the web.
Instead, we should all support targeted, privacy-respecting legislation like POPA and OH HB 302, which protect families and empower parents without destroying the livelihood of small and independent developers.
