Kansas Just Tried to Make Apple ‘Check Your Kid’s Age’—Here’s the Privacy Trap That Turns Child-Safety Bills into a De Facto ID System for Everyone
Kansas SB 372 doesn’t just target “kids’ accounts.” It pressures Apple and Google to age‑categorize everyone—because you can’t reliably find minors without checking all users.
By TheMurrow Editorial
March 10, 2026
Key Points
- 1Tracks SB 372’s push to make app stores verify age categories—a move that effectively pressures Apple and Google to check everyone.
- 2Explains the “each time” rule: minors would need verifiable parental consent for every download, app purchase, and in‑app purchase.
- 3Flags the privacy trap: even with minimization and encryption language, approved verification methods could create de facto ID checkpoints.
Kansas just advanced an age question most of us avoid
Kansas lawmakers just advanced a bill that would make Apple and Google ask a question most of us have managed to avoid online: How old are you, really?
The proposal isn’t a feel‑good “think of the children” resolution. It’s a detailed compliance regime aimed at the two gatekeepers that sit between nearly every smartphone user and nearly every app. And it doesn’t merely restrict “kids’ accounts.” It effectively forces app stores to determine age status for everyone, because the store can’t reliably identify minors without checking every account holder’s age category.
Kansas Senate Bill 372—officially the “App Store Accountability Act”—passed the Kansas Senate 34–6 on Feb. 18, 2026, and moved into House committee hearings in early March: proponents on March 3, 2026, opponents on March 4, 2026, in the House Committee on Federal and State Affairs. If enacted, its core obligations would take effect on and after Jan. 1, 2027, with the Kansas Attorney General tasked with setting the rules for acceptable age‑verification methods.
The proposal isn’t a feel‑good “think of the children” resolution. It’s a detailed compliance regime aimed at the two gatekeepers that sit between nearly every smartphone user and nearly every app. And it doesn’t merely restrict “kids’ accounts.” It effectively forces app stores to determine age status for everyone, because the store can’t reliably identify minors without checking every account holder’s age category.
Kansas Senate Bill 372—officially the “App Store Accountability Act”—passed the Kansas Senate 34–6 on Feb. 18, 2026, and moved into House committee hearings in early March: proponents on March 3, 2026, opponents on March 4, 2026, in the House Committee on Federal and State Affairs. If enacted, its core obligations would take effect on and after Jan. 1, 2027, with the Kansas Attorney General tasked with setting the rules for acceptable age‑verification methods.
Kansas isn’t asking app stores to ‘be nicer’ to kids. It’s asking them to verify who’s a kid—period.
— — TheMurrow Editorial
What happens in Kansas rarely stays in Kansas when the subject is platform regulation. The bill reads like a blueprint other states could copy—and like a stress test for whether age verification can be made routine without turning app stores into identity checkpoints.
What Kansas SB 372 actually does—and how far it goes
SB 372 targets two categories of actors: app store providers and app developers, but the store is the central hub. The bill’s model assumes the app store is the only place capable of enforcing rules across millions of apps, which is why its obligations are sweeping.
The legislative path and timeline
Kansas’ own legislative record shows SB 372 has already cleared one big hurdle:
- Feb. 18, 2026: Kansas Senate passed SB 372, as amended, 34–6.
- March 3, 2026: House committee hearing for proponents (Federal and State Affairs).
- March 4, 2026: House committee hearing for opponents (same committee).
- Jan. 1, 2027: Most core app store and developer obligations are set to be effective on and after this date.
The bill also directs the Kansas Attorney General to adopt rules establishing acceptable age‑verification methods. The amended text includes deadlines that have shifted across versions (one version references on or before Jan. 1, 2027; another has Oct. 1, 2026), a reminder that even “simple” age verification gets complicated the moment lawmakers try to specify what counts.
- Feb. 18, 2026: Kansas Senate passed SB 372, as amended, 34–6.
- March 3, 2026: House committee hearing for proponents (Federal and State Affairs).
- March 4, 2026: House committee hearing for opponents (same committee).
- Jan. 1, 2027: Most core app store and developer obligations are set to be effective on and after this date.
The bill also directs the Kansas Attorney General to adopt rules establishing acceptable age‑verification methods. The amended text includes deadlines that have shifted across versions (one version references on or before Jan. 1, 2027; another has Oct. 1, 2026), a reminder that even “simple” age verification gets complicated the moment lawmakers try to specify what counts.
34–6
Kansas Senate vote passing SB 372 on Feb. 18, 2026—showing strong momentum in one chamber.
What “accountability” means in the bill
The mechanism is not subtle. SB 372 would require app stores to:
- Verify an account holder’s age category using “commercially available” methods or methods compliant with AG rules.
- When a user is determined to be a minor, the store must:
- Affiliate the minor’s account to a parent account, and
- Obtain verifiable parental consent each time the minor tries to:
- download an app
- purchase an app
- make an in‑app purchase
The bill’s reach extends beyond purchases, too. It adds a “significant change” trigger that can force renewed notification and consent.
- Verify an account holder’s age category using “commercially available” methods or methods compliant with AG rules.
- When a user is determined to be a minor, the store must:
- Affiliate the minor’s account to a parent account, and
- Obtain verifiable parental consent each time the minor tries to:
- download an app
- purchase an app
- make an in‑app purchase
The bill’s reach extends beyond purchases, too. It adds a “significant change” trigger that can force renewed notification and consent.
Under SB 372, ‘parental consent’ isn’t a one‑time checkbox—it’s a recurring gate at the moment of download and payment.
— — TheMurrow Editorial
The heart of the bill: age categories and constant parental consent
Age verification debates often get stuck on the same question: should minors be treated differently online? SB 372 answers yes—and then raises the harder question: who decides who is a minor?
“Age category” is the bill’s key lever
SB 372 does not require the app store to store a user’s exact birthdate in the operative provisions we can see from the text. It focuses on an “age category” determination—an approach designed to reduce the amount of sensitive information floating around while still enabling enforcement.
That choice is important, but it doesn’t eliminate the core reality: to assign an age category, a platform typically needs some evidence. A system that only asks a user to self‑attest (“I am over 18”) won’t hold up if enforcement relies on it. Kansas effectively nudges app stores toward stronger methods by requiring verification using commercially available options or AG‑approved methods.
That choice is important, but it doesn’t eliminate the core reality: to assign an age category, a platform typically needs some evidence. A system that only asks a user to self‑attest (“I am over 18”) won’t hold up if enforcement relies on it. Kansas effectively nudges app stores toward stronger methods by requiring verification using commercially available options or AG‑approved methods.
Consent every time: why the “each time” language matters
Most parental controls operate as a one‑time setup. SB 372’s language is more demanding: for minors, parental consent is required each time the user downloads an app, purchases an app, or makes an in‑app purchase.
That design has two consequences:
1. It shifts power to the parent at the point of transaction, not only at the point of device setup.
2. It increases friction, by design, for minors’ app discovery and spending.
Supporters will call that friction a feature. Critics will call it an overreach that turns the app store into a family choke point for ordinary downloads.
That design has two consequences:
1. It shifts power to the parent at the point of transaction, not only at the point of device setup.
2. It increases friction, by design, for minors’ app discovery and spending.
Supporters will call that friction a feature. Critics will call it an overreach that turns the app store into a family choke point for ordinary downloads.
Key Takeaway
SB 372 treats parental consent as an ongoing permission layer—re-asked at download and payment—rather than a one-time family-settings decision.
“Significant change”: the sleeper provision that could reshape updates
Plenty of legislation focuses on onboarding: age gates, consent screens, safer defaults. SB 372 also targets what happens after an app is already installed.
The bill’s “significant change” trigger
SB 372 includes a requirement that app stores notify users when an app undergoes a “significant change.” When the account belongs to a minor, the store must notify the parent and obtain renewed consent before the minor gets renewed access.
On its face, that sounds reasonable: if an app changes materially—especially in ways that alter features or data practices—parents should know. The operational question is brutal: who decides what counts as “significant”?
If app stores treat “significant change” narrowly, the requirement could become symbolic. If they treat it broadly, it could produce constant notices and repeated consent prompts, potentially making routine updates feel like renegotiations.
On its face, that sounds reasonable: if an app changes materially—especially in ways that alter features or data practices—parents should know. The operational question is brutal: who decides what counts as “significant”?
If app stores treat “significant change” narrowly, the requirement could become symbolic. If they treat it broadly, it could produce constant notices and repeated consent prompts, potentially making routine updates feel like renegotiations.
The ‘significant change’ clause turns updates into events—sometimes the most consequential changes happen after trust is already established.
— — TheMurrow Editorial
Why parents might welcome it—and developers might dread it
Parents who worry about sudden changes—new chat features, new purchases, new modes of interaction—will see this as overdue. Developers, especially smaller ones, will see compliance complexity: update cycles are frequent, and what’s “significant” to a regulator may be ambiguous to an engineering team.
SB 372’s text places the store in the middle of that ambiguity: the store must notify and gate access, even though the store may not fully understand the app’s internal changes. That dynamic pushes app stores to demand more information from developers—or to over‑prompt parents to protect themselves.
SB 372’s text places the store in the middle of that ambiguity: the store must notify and gate access, even though the store may not fully understand the app’s internal changes. That dynamic pushes app stores to demand more information from developers—or to over‑prompt parents to protect themselves.
Key Insight
The “significant change” clause doesn’t just regulate installs; it can turn routine updates into recurring consent events—depending on how “significant” gets defined.
App stores as ID checkpoints: privacy and security promises—and the hard tradeoffs
Any plan that asks platforms to verify age runs into the same concern: age verification can become a pipeline for collecting sensitive personal information. SB 372 attempts to address that risk directly, at least on paper.
What the bill requires on data minimization and security
The bill includes language requiring app stores to protect age category data and associated verification data by:
- Limiting collection and processing to what is necessary (a data minimization principle), and
- Using industry‑standard encryption when transmitting such information.
Those safeguards matter, and they show the bill’s drafters know the critique: age verification can accidentally create new databases of high‑value personal data.
- Limiting collection and processing to what is necessary (a data minimization principle), and
- Using industry‑standard encryption when transmitting such information.
Those safeguards matter, and they show the bill’s drafters know the critique: age verification can accidentally create new databases of high‑value personal data.
The unresolved question: how verification happens in practice
Even with minimization language, verification requires a method. SB 372 pushes that question toward the Kansas Attorney General, who would set acceptable methods via rules. That move gives the state flexibility to update standards as technology changes, but it also means Kansans won’t know the exact mechanics until rulemaking is completed.
For readers, the practical implication is straightforward: the privacy impact of SB 372 depends less on the bill’s stated goals and more on the verification methods that get approved. A verification method that relies on third‑party checks could introduce new intermediaries and new risks, even if the app store itself promises minimization.
Expert perspective (as described in the bill text): The statute explicitly contemplates reliance on “commercially available” methods and AG‑compliant methods, signaling that age verification may involve established vendors rather than bespoke state infrastructure.
For readers, the practical implication is straightforward: the privacy impact of SB 372 depends less on the bill’s stated goals and more on the verification methods that get approved. A verification method that relies on third‑party checks could introduce new intermediaries and new risks, even if the app store itself promises minimization.
Expert perspective (as described in the bill text): The statute explicitly contemplates reliance on “commercially available” methods and AG‑compliant methods, signaling that age verification may involve established vendors rather than bespoke state infrastructure.
Jan. 1, 2027
Core obligations would take effect on and after this date if SB 372 is enacted, with age-verification methods set through AG rulemaking.
Developers aren’t off the hook: the second, quieter compliance regime
Public attention tends to focus on Apple and Google, but SB 372 also imposes obligations on developers. That matters because developers control in‑app experiences—and because Kansas is building a two‑layer system: store enforcement plus developer querying.
What developers would be required to do
Under SB 372, developers must submit requests to the app store to verify age category and, for minors, parental-consent status in several circumstances, including:
- When a user downloads or purchases an app
- When a user launches a pre‑installed app for the first time
- When a developer implements a significant change
- When needed to comply with law
The bill also instructs developers to use the “lowest age category” indicated by either app store data or developer‑collected data when implementing age-related restrictions or safety defaults. That is a subtle but consequential requirement: when in doubt, err younger.
- When a user downloads or purchases an app
- When a user launches a pre‑installed app for the first time
- When a developer implements a significant change
- When needed to comply with law
The bill also instructs developers to use the “lowest age category” indicated by either app store data or developer‑collected data when implementing age-related restrictions or safety defaults. That is a subtle but consequential requirement: when in doubt, err younger.
The practical consequence: more store‑developer signaling
The design suggests a more formal back‑and‑forth between developers and the app store regarding age and consent status. That could standardize controls across apps, which is attractive from a child safety perspective. It could also lead to deeper reliance on the store as an identity‑adjacent service—one more reason Apple and Google will treat this as more than a Kansas‑only compliance problem.
Where SB 372 forces app-store checks
- ✓Verify an account holder’s age category
- ✓Affiliate a minor’s account to a parent account
- ✓Collect verifiable parental consent for downloads
- ✓Collect verifiable parental consent for purchases
- ✓Collect verifiable parental consent for in‑app purchases
- ✓Notify and re-consent after a significant change
The politics and the pushback: why SB 372 will divide smart people
Almost every reader will agree on the premise: minors deserve special care online. The disagreement arrives when care is translated into enforcement.
The case for SB 372
Supporters can credibly argue that:
- App stores are leverage points. One set of rules at the store level reaches countless apps.
- Parents should control purchases and downloads. Requiring consent “each time” prevents stealth spending and impulsive installs.
- Developers can’t be trusted to self‑police consistently. A centralized consent mechanism reduces dependence on each app’s internal choices.
Kansas’ approach also fits a common legislative pattern: if the internet is too big to regulate at the edges, regulate the chokepoints.
- App stores are leverage points. One set of rules at the store level reaches countless apps.
- Parents should control purchases and downloads. Requiring consent “each time” prevents stealth spending and impulsive installs.
- Developers can’t be trusted to self‑police consistently. A centralized consent mechanism reduces dependence on each app’s internal choices.
Kansas’ approach also fits a common legislative pattern: if the internet is too big to regulate at the edges, regulate the chokepoints.
The case against SB 372
Opponents can credibly argue that:
- Universal age verification is effectively required. The bill’s logic pushes app stores to categorize everyone, not only minors, because enforcement depends on distinguishing minors from adults.
- Consent friction may punish ordinary behavior. Requiring repeated approvals could become a daily annoyance for families.
- Verification systems can create privacy risks. Even with minimization, the existence of age‑verification flows increases the number of sensitive interactions in the ecosystem.
Kansas’ legislative record also shows that opposition isn’t hypothetical. The House committee held separate hearings for proponents and opponents on consecutive days—March 3 and March 4, 2026—a sign that lawmakers expected serious contention.
- Universal age verification is effectively required. The bill’s logic pushes app stores to categorize everyone, not only minors, because enforcement depends on distinguishing minors from adults.
- Consent friction may punish ordinary behavior. Requiring repeated approvals could become a daily annoyance for families.
- Verification systems can create privacy risks. Even with minimization, the existence of age‑verification flows increases the number of sensitive interactions in the ecosystem.
Kansas’ legislative record also shows that opposition isn’t hypothetical. The House committee held separate hearings for proponents and opponents on consecutive days—March 3 and March 4, 2026—a sign that lawmakers expected serious contention.
March 3–4, 2026
Consecutive House committee hearings for proponents and opponents—signaling organized resistance alongside strong Senate support.
What it would mean for Kansas families—and for everyone else
Even if you don’t live in Kansas, SB 372 matters because app stores operate nationally. A state law that changes store mechanics can ripple outward, either through state‑specific flows or broader policy shifts.
Practical takeaways for parents
If SB 372 becomes law and is implemented as written, Kansas parents should expect:
- More frequent permission prompts for minors’ downloads and purchases
- A tighter linkage between a child’s account and a parent account
- More notifications tied to “significant changes” in apps
For parents who feel shut out of their kids’ app habits, that sounds like overdue leverage. For parents who already have good family systems, it could feel like mandated micromanagement.
- More frequent permission prompts for minors’ downloads and purchases
- A tighter linkage between a child’s account and a parent account
- More notifications tied to “significant changes” in apps
For parents who feel shut out of their kids’ app habits, that sounds like overdue leverage. For parents who already have good family systems, it could feel like mandated micromanagement.
Practical takeaways for adult users
Adults may experience the law indirectly. Because the bill requires app stores to verify age category, stores may roll out broader age‑verification flows that apply to everyone, then handle minors differently.
That raises basic consumer questions:
- What will the store ask you to provide?
- Who will process the verification?
- How long will that data persist?
SB 372’s minimization and encryption language speaks to these concerns, but the lived experience will be determined by the AG’s rules and by how Apple and Google implement compliance.
That raises basic consumer questions:
- What will the store ask you to provide?
- Who will process the verification?
- How long will that data persist?
SB 372’s minimization and encryption language speaks to these concerns, but the lived experience will be determined by the AG’s rules and by how Apple and Google implement compliance.
A real-world example: the “impulse download” and the “surprise update”
Consider two ordinary scenarios SB 372 is built to change.
- A 14‑year‑old sees a new game trending at school and taps “Get.” Under SB 372, the store must obtain verifiable parental consent before the download proceeds.
- A messaging app introduces a new feature that could qualify as a “significant change.” Under SB 372, the store must notify users, and for minors, notify parents and get renewed consent before access continues.
The bill is less about punishing bad apps than about changing routine moments into supervised ones.
- A 14‑year‑old sees a new game trending at school and taps “Get.” Under SB 372, the store must obtain verifiable parental consent before the download proceeds.
- A messaging app introduces a new feature that could qualify as a “significant change.” Under SB 372, the store must notify users, and for minors, notify parents and get renewed consent before access continues.
The bill is less about punishing bad apps than about changing routine moments into supervised ones.
Editor's Note
SB 372’s practical impact hinges on implementation: the Kansas Attorney General’s rulemaking will define what “verification” really means for privacy, friction, and security.
Conclusion: Kansas is testing a national question in state law form
SB 372 is a clear expression of a growing political instinct: when lawmakers can’t regulate every app, they regulate the store. The Kansas Senate vote—34–6—shows that instinct has momentum, at least in one chamber. The House hearings on March 3 and March 4, 2026 show the resistance is organized, too.
The bill’s strongest argument is structural: app stores are the only realistic enforcement layer that can standardize parental consent across millions of apps. Its most troubling feature is also structural: the only way to do that reliably is to make age verification routine, pushing platforms toward broader identity checks than many users have ever accepted in app marketplaces.
Kansas may not settle the debate. SB 372 does something more consequential: it converts a cultural argument—who should supervise minors online—into a systems question about verification, consent, security, and power. That is the kind of question that doesn’t stay local for long.
The bill’s strongest argument is structural: app stores are the only realistic enforcement layer that can standardize parental consent across millions of apps. Its most troubling feature is also structural: the only way to do that reliably is to make age verification routine, pushing platforms toward broader identity checks than many users have ever accepted in app marketplaces.
Kansas may not settle the debate. SB 372 does something more consequential: it converts a cultural argument—who should supervise minors online—into a systems question about verification, consent, security, and power. That is the kind of question that doesn’t stay local for long.
SB 372
A state-level template that could ripple nationally because app store mechanics and compliance systems tend to scale beyond one state.
T
About the Author
TheMurrow Editorial is a writer for TheMurrow covering explainers.
Frequently Asked Questions
What is Kansas SB 372?
Kansas Senate Bill 372, titled the “App Store Accountability Act,” is a proposal to regulate app store providers and app developers “with respect to minors.” It requires age-category verification and, for minors, parental consent before downloads and purchases. The Kansas Senate passed it 34–6 on Feb. 18, 2026, and it has been heard in a House committee.
Does SB 372 apply only to children’s accounts?
No. The bill’s structure requires app stores to determine whether an account holder is a minor, which implies broader age category verification across users. The law doesn’t work if only minors are checked, because the store needs a reliable way to distinguish minor accounts from adult accounts before applying parental-consent gates.
What exactly would parents have to approve?
For users determined to be minors, SB 372 requires verifiable parental consent each time the minor attempts to download an app, purchase an app, or make an in‑app purchase. The repeated “each time” requirement is a defining feature, designed to place parents at the decision point for installs and spending.
When would the law take effect?
In the amended text, the core obligations for app stores and developers are set to be effective on and after Jan. 1, 2027. The bill also directs the Kansas Attorney General to adopt rules for age-verification methods by a specified deadline, which varies across bill versions (the legislative text should be checked for the controlling date).
What is a “significant change,” and why does it matter?
SB 372 includes a “significant change” concept: when an app changes significantly, the app store must notify users. If the user is a minor, the store must notify the parent and obtain renewed consent before providing renewed access. The impact depends on how “significant change” is interpreted and operationalized by stores and developers.
What does SB 372 say about privacy and security?
SB 372 includes requirements aimed at limiting risk: app stores must protect age-category and verification data by collecting/processing only what is necessary and using industry-standard encryption during transmission. The privacy impact will also depend heavily on which verification methods the Kansas Attorney General approves through rulemaking and how app stores implement them.
