How SB2420 creates a digital checkpoint for every app download starting January 2026
If you live in Texas and want to download a weather app, check sports scores, or access your public library’s e-book collection starting January 1, 2026, you’ll need to prove your age first. And if you’re under 18, you’ll need explicit parental permission for every single download.
This isn’t an exaggeration—it’s the reality of Texas Senate Bill 2420, also known as the App Store Accountability Act, which Governor Greg Abbott signed into law in May 2025.
Texas SB2420: Complete Compliance Guide for App Stores and Developers
What Does the Law Actually Require?
The Texas App Store Accountability Act mandates that app stores like Apple’s App Store and Google Play verify users’ ages using “commercially reasonable methods” during account creation, categorizing users into four age groups: children (under 13), younger teenagers (13-15), older teenagers (16-17), and adults (18+).
Here’s what this means in practice:
For Adults:
- New Apple Account holders in Texas will be required to confirm whether they are 18 years or older- The law doesn’t specify exactly how age verification will work, but it could require government IDs or other personally identifiable information
For Minors (Under 18):
- All users under 18 must join a Family Sharing group, with parents or guardians providing consent for every App Store download, app purchase, and in-app transaction- Parents must verify their own age and relationship to the minor- Each app download requires separate parental approval
The Scope Is Breathtaking—And That’s the Problem
Unlike age verification laws for adult websites, which target specific types of content, this law applies to all applications regardless of whether they target or are directed to minors.
The law applies to nearly all apps, including those providing access to newspapers, public libraries, and the Bible.
Both Apple and Google have expressed serious concerns about the privacy implications. Apple stated it is “concerned that SB2420 impacts the privacy of users by requiring the collection of sensitive, personally identifiable information to download any app, even if a user simply wants to check the weather or sports scores.”
Google emphasized that apps like weather services shouldn’t need access to a user’s age data, warning that “this level of data sharing isn’t necessary—a weather app doesn’t need to know if a user is a kid.”
The Real-World Impact: A Library Card Becomes a Privacy Nightmare
The recently filed lawsuit against the law provides a stark example of how this will work in practice:
A 14-year-old trying to access books from the Austin Public Library would first have to establish her own age, then tether her account to a parent’s account, who would need to establish their identity and relationship to the minor and provide consent, and finally wait for the parent to provide consent for the app. Each e-book borrowed would require separate approval.
Other apps cited in the lawsuit that will be affected include:
- Substack (news and newsletters)- YouVersion Bible App- InstaRabbi (religious resources)- Spotify (music streaming)- Texas Longhorns app (university sports)
The Privacy Risks Are Real
Google warned that requiring app stores to share age verification data with millions of individual app developers “raises real privacy and safety risks, like the potential for bad actors to sell the data or use it for other nefarious purposes.”
These concerns aren’t theoretical. Just recently, Discord suffered a major age verification data breach that exposed 70,000 user IDs.
Under the Act, developers must delete any personal data received from the app store after completing the required verification process and may not retain it for other uses. However, enforcement of these requirements remains to be seen.
Tech Industry Files Constitutional Challenge
On October 16, 2025, the Computer & Communications Industry Association (CCIA), which represents over 1.6 million workers in the tech sector including Apple and Google as members, filed a lawsuit in federal court challenging the law as unconstitutional.
CCIA argues that the law “violates the First Amendment by restricting app stores from offering lawful content, preventing users from seeing that content, and compelling app developers to speak of their offerings in a way pleasing to the state.”
The lawsuit describes the Texas law as a “broad censorship regime” that requires anyone under 18 to obtain parental consent for nearly every app and in-app purchase, with sensitive personal documentation or biometric information required for all users.
Heavy Penalties for Non-Compliance
The Act classifies all violations as deceptive trade practices under the Texas Deceptive Trade Practices-Consumer Protection Act (DTPA), opening the door to enforcement actions by the Texas Attorney General as well as potential private lawsuits by consumers or guardians.
The Texas Attorney General may recover up to $10,000 per violation, while private litigants may obtain economic damages, injunctive relief, and attorney’s fees.
Requirements for Developers: A Compliance Nightmare
The law doesn’t just affect app stores—it creates extensive obligations for every app developer:
Developers must assign an age rating to each of their applications and provide both the rating and a description of the specific content that led to the rating to every app store where their application is available.
Unlike other state privacy laws which apply only if a business meets certain thresholds for revenue, number of customers, or amount of data shared, the Act has no such minimum requirements—it applies to any developer that offers its application to Texas residents, regardless of the developer’s size or business volume.
This Is Just the Beginning: A National Trend
Texas isn’t alone. Utah passed a similar App Store Accountability Act (effective May 7, 2025, with compliance required by May 6, 2026), and Louisiana’s HB 570 was signed into law on June 30, 2025 (effective July 1, 2026).
More than a dozen other states are considering similar bills.
Each state has slightly different requirements, creating a patchwork of compliance obligations that will be incredibly burdensome for developers:
Utah’s Law:
- Includes an explicit private right of action, allowing parents to sue app stores and developers, potentially recovering $1,000 per violation or actual damages, plus attorneys’ fees- The private right of action takes effect December 31, 2026
Louisiana’s Law:
- Explicitly rejects safe harbor protections for developers who rely in good faith on app store-provided information
Texas’ Law:
- Defines violations as “deceptive trade practices,” raising the possibility of private litigation
What Happens Next?
The legal challenge filed by CCIA will test whether these laws can survive constitutional scrutiny. The lawsuit argues that strict scrutiny should be applied, requiring Texas to show the rule was made as narrowly as possible to serve a compelling state interest.
CCIA also argues that “the verification and consent provisions are far from the least restrictive alternative to achieve the State’s goal, given that app stores already provide tools to allow parents to restrict what their children access on their devices, and many apps already include verification and consent tools tailored to particular services.”
However, Texas achieved a major victory earlier this year when the Supreme Court ruled 6-3 in Free Speech Coalition v. Paxton that a Texas law requiring pornography websites to verify users are over 18 is constitutional. That precedent could influence the outcome of this case.
The Bottom Line
Starting January 1, 2026, every new app store user in Texas—whether they’re downloading TikTok or a weather widget—will need to prove their age. For minors, every app download becomes a negotiation with parents.
This law effectively gives developers “actual knowledge” of the age range of users and significantly expands compliance obligations by requiring age verification for all applications, without regard to the type of application or its intended audience demographic.
Whether this law survives legal challenge remains to be seen. But one thing is clear: the era of simply downloading an app without proving who you are is ending—at least in Texas, Utah, and Louisiana, with more states likely to follow.
The question we should all be asking: Is protecting children online worth creating a massive surveillance infrastructure that requires ID verification for every single app—even a weather app? And once this data infrastructure exists, what else might it be used for?
This article will be updated as the legal challenges progress and more information becomes available.
Key Takeaways
✓ Effective Date: January 1, 2026 (Texas) | May 6, 2026 (Utah) | July 1, 2026 (Louisiana)
✓ Applies To: ALL apps on Apple App Store and Google Play for users in these states
✓ Adults: Must verify age to create new accounts
✓ Minors: Must have parent account linkage and get approval for EVERY download and in-app purchase
✓ Privacy Concerns: Requires collection of sensitive personal information for all apps, even innocuous ones
✓ Legal Challenge: CCIA filed lawsuit October 16, 2025, arguing the law is unconstitutional
✓ National Trend: Dozen+ states considering similar legislation
Have thoughts on this law? Concerned about your privacy? The debate is just beginning.