A photo ID, and possibly even a biometric selfie, may be required to use the Google and Apple app stores in Texas next year. The Texas App Store Accountability Act, recently signed into law by Gov. Greg Abbott, gives the big tech players the remainder of 2025 to figure out how they will implement age verification to prevent children from accessing potentially harmful content.
The app store law is the second of its type in the US, behind a similar regulation passed in Utah in March. But the new Texas law goes farther than simple age verification, also requiring parents to demonstrate that they have the legal authority to make decisions for their children.
New age verification laws spark privacy and free speech concerns
The new Texas law will require app stores to implement age verification for all users, something that will almost certainly involve uploading a photo ID to Google or Apple and may additionally involve taking a selfie for biometric purposes. Users will then be sorted into “age categories” that are shared with app developers: child, young teenager, older teenager or adult. Users that do not age verify will likely, at least at minimum, be restricted from downloading new apps or making in-app purchases (if not denied access to the app store entirely).
The usually data-hungry Google has come out against these age verification bills, as has Apple. Both companies likely do not want the expensive responsibility of setting up ID verification systems and having to securely store a sudden mountain of sensitive data (and turn away privacy-sensitive customers), and are instead pushing some alternative proposals that would limit ID checks to apps that require it for some legitimate purpose. Apple has said it has an “age assurance” feature in development that would allow parents to securely share the age of children directly with app developers, without requiring collection of a photo ID. Apple CEO Tim Cook personally called on Abbott to veto the Texas bill, to no avail.
However, other social media companies — largely those that do not operate their own app stores — have issued statements in favor of centralizing age verification. Meta’s Mark Zuckerberg is the leading voice in this camp thus far, though it is unclear if the rules will apply to Facebook’s own “App Center” and Zuckerberg seems to believe Apple and Google will be the ones taking on the central responsibility of ID checks. Snap and X, each of which also do not offer their own apps, have also issued statements in favor of the idea of foisting the responsibility onto the two mobile OS giants.
In criticizing the similar app store law passed by Utah in March of this year, some legal scholars have noted that First Amendment rights may come into play. Prior rulings have established that national free speech rights include the right to access “public forums” without this type of identity gatekeeping, something that social media, news and other apps represent. Additionally, rulings have noted that it is virtually impossible to separate the process of age verification from personally identifying the subject. Prior attempts to impose age verification schemes on multiple social media apps in multiple states have been enjoined by federal courts, and the state attacks on app stores are seen by some as a legal end-around that violates the spirit of those decisions.
App store ID checks remain on pause, face challenges
Utah itself was one of the states that tried to pass a law requiring that social media sites start implementing age verification, only to have it blocked by a federal court within months. Utah governor Spencer Cox signed off on that bill in early 2024, and was met by a collection of lawsuits culminating in a federal judge issuing an injunction against it in September of that year. That followed another similar attempt in 2023 that was ultimately ruled unconstitutional.
California, Arkansas, Ohio, and Mississippi are among other states that attempted to pass similar social media age verification laws and ultimately had them enjoined by a federal court.
Despite this string of failed efforts, another bill is currently working its way through the Texas government that would ban those under the age of 18 from social media apps altogether. That bill has passed the state House of Representatives and is awaiting a Senate vote.
Some federal lawmakers are looking to put the onus of child safety on app developers rather than app stores. The Kids Online Safety Act (KOSA) would establish a “duty of care” requirement for social media platforms forcing them to increase proactive efforts to ensure the safety of minors, such as mandating default privacy settings for underage users and implement mitigation programs for certain known harms that can proliferate there such as bullying and eating disorders. The bill does not require ID checks for age verification, despite seeming widespread misunderstanding and misinformation online. Criticism of the bill has focused more on what would likely be mandatory algorithmic suppression or posting bans on certain topics, which could lead to censorship and the chilling of speech for all users.
Joe Kaufmann, Global Head of Privacy & DPO at Jumio, notes that age verification might be workable if the app stores can guarantee that personally identifiable information will not be stored once the user is verified: “The Texas App Store Accountability Act reflects a broader shift in how trust and identity are managed online. While aimed at protecting minors, it highlights the growing need for reliable and responsible identity verification across all age groups. One promising direction is the use of managed identities — unique, persistent identifiers that confirm verification without storing or sharing sensitive personal data unnecessarily. Just like a hand stamp at a club or a bracelet at a festival, a persistent identifier of verification can signal eligibility without additional sharing or retention. Incorporating third-party identity management and verification services consolidates responsibility while limiting the need for persistent sharing of personal information. As more states consider similar legislation, platforms have an opportunity to lead with technologies that balance compliance with user privacy. Done right, these systems can create safer, more transparent online experiences while minimizing data exposure.”

