COPPA §312.5 and §312.7 prohibit using ad networks in children's apps that collect persistent identifiers or engage in behavioural targeting unless those networks are COPPA-certified. Using AdMob mediation in a Kids app without explicitly disabling non-certified mediated networks means you cannot guarantee which network actually served an ad — and if a non-certified network served it, you are liable. The FTC has pursued enforcement actions against app developers for exactly this configuration gap, resulting in consent decrees and civil penalties.
Info because the certification status of ad SDKs is an advisory finding — the hard pass/fail is covered by the COPPA/GDPR-K check — but uncertified networks in Kids apps are a direct FTC enforcement risk.
For Kids apps, disable all ad mediation that includes non-certified networks. In AdMob (https://apps.admob.com) → App settings → Ad units, explicitly disable non-Google-certified partner networks for your Kids app ad units — the setting is per ad unit, not per app.
If you use AdMob mediation, review the mediation waterfall and remove any network that does not appear on Google's Certified Publishing Partners list (https://support.google.com/admob/answer/9683718). Consider eliminating advertising entirely from Kids apps and monetising through premium pricing or in-app purchases — this removes COPPA ad-network complexity entirely and is the approach Apple's own Kids apps take.
ID: app-store-privacy-data.children-sensitive.coppa-certified-ad-sdks
Severity: info
What to look for: Count all relevant instances and enumerate each. If a Kids category app or a COPPA-directed app is detected, check whether ad SDKs in use are COPPA-certified or on the FTC's approved list. Known COPPA-compliant ad networks: Google AdMob (when tagForChildDirectedTreatment = true and using Google Certified Publishing Partner program), SuperAwesome, Kidoz, Kiddopia, Inneractive (with child-directed flag). Known non-COPPA-certified networks (not safe for Kids apps): Meta Audience Network without child-safe configuration, AppLovin (in standard mode), ironSource (in standard mode). Check package.json, Podfile, and build.gradle for ad network identifiers and cross-reference against known child-safe status. If the app uses a mediation platform (AdMob mediation, MoPub, MAX), check that child-directed treatment propagates to all mediated networks. This is informational — flag if uncertified networks are present in a Kids app.
Pass criteria: Kids app or COPPA-directed app uses only COPPA-certified ad networks, or has no advertising at all. At least 1 implementation must be verified.
Fail criteria: Not applicable — this is an info check. Result is pass, info (recorded as pass with detail), or skip.
Skip (N/A) when: App is not in Kids category and no COPPA targeting signals detected; or app has no advertising.
Detail on fail: Not applicable — info check. Use detail: "Kids category app uses AppLovin Max mediation — verify all mediated ad networks have child-directed treatment enabled and are COPPA-certified" or "No COPPA-safe ad SDK configuration found for Kids app — consider SuperAwesome or Google Certified Publishing Partners"
Remediation: Using non-certified ad SDKs in Kids apps is an FTC violation and causes App Store removal.
Review the configuration in src/ or app/ directory for implementation patterns.