International consumer protection organizations release report focusing on dark patterns and transparency design

Recently, the International Consumer Protection and Enforcement Network (ICPEN) released its 2025 Mobile Online Gaming Enforcement Action Report. This joint enforcement operation involved 22 consumer protection agencies worldwide, focusing on a range of practices within gaming products that could harm consumers. These included loot boxes, virtual currencies, manipulative design techniques, and practices involving minors. The crackdown uncovered games employing urgency tactics to coerce players into purchasing items marketed as scarce or time-limited, despite these claims often being false. ICPEN investigations also revealed that loot boxes, in-game purchases, and in-game advertising are as prevalent in games rated for ages 3 and up as they are in games for other age groups. Furthermore, only 30% of loot box games disclosed this monetization mechanism on their game download platform pages.

This report not only exposes widespread consumer risks prevalent in the global gaming industry but also provides actionable benchmarks for national legislation, law enforcement, industry self-regulation, and platform governance. This article will summarize the key points of the report.

PART 1

Manipulative Design Techniques

This report defines manipulative design as “developers using interface, interaction, and psychological tactics to induce users into making decisions that benefit the developers while contradicting the players' original intentions.” The findings are primarily divided into two subcategories:

(1) Urgency Design

1.24% of games incorporate phrases like “limited availability” or “selling out soon” in their shops or pop-ups to create fear of missing out (FOMO).

2.38% of games feature “limited-time exclusive” or “flash sale countdown” mechanisms, some of which were technically verified as “fake countdowns”: after the timer ended, the event remained active with only the copy refreshed.

(2) Nagging Prompts

1. 60% of games use system-level push notifications or emails to remind players to “log in and claim daily rewards.”

2. 32% of games immediately display full-screen ads prompting players to “purchase extra lives/energy/power-ups” after failing a level.

Manipulative design refers to practices that mislead or coerce users into decisions contrary to their interests. Such practices are considered violations of consumer protection laws or unfair commercial practices regulations in many countries and regions. To ensure compliance, game developers should implement the following measures:

1. Maintain Transparency: Clearly disclose all in-game fees, subscriptions, or virtual item purchases. Avoid ambiguous or hidden information. For example, never automatically charge users without their explicit consent.

2. Respect user choice: Design should empower users to freely control their gaming experience, avoiding mandatory pop-up ads, non-cancelable subscriptions, or hidden exit options.

3. Prohibit Deceptive Design: Avoid “dark patterns” such as intentionally confusing button layouts or pre-checked paid options that may mislead users into unintended purchases.

4. Provide Clear Exit Paths: Ensure users can easily cancel subscriptions or exit paid services without encountering complex barriers.

PART 2

Disclosures

App Store Page Disclosures:

84% of games prominently state “Includes in-app purchases” on their store pages.

Only 14% disclose “Includes loot box mechanics” on store pages, while actual inspections revealed 46% of games incorporate loot boxes—a disclosure gap of 32 percentage points.

Disclosure deficiencies occur when games fail to provide sufficiently clear or accurate information, leading users to make decisions without full knowledge. Laws and guidance documents worldwide (e.g., U.S. FTC guidelines, EU consumer protection regulations) mandate transparent disclosure. Key areas to address include:

1. Identify paid content: All features, items, or services requiring payment must be prominently labeled within the game. For example, display full pricing and content details before users click to purchase.

2. Distinguishing advertising content: Advertisements or sponsored content within the game must be clearly labeled as “Advertisement” to prevent users from mistaking them for native game content.

3. Disclosing privacy information: Provide a concise privacy policy explaining how the game collects and uses user data. Ensure the policy is easily accessible during registration or first use.

4. Timely notification of changes: Notify users in advance of any changes to game fees, features, or terms. For example, inform users of subscription price adjustments via pop-ups or emails.

5. Avoid Hidden Terms: All critical information (e.g., refund policies, subscription cycles) must be prominently displayed and not buried within lengthy text.

PART 3

Virtual Currencies

Among the surveyed games, 78% incorporate some form of virtual currency. Within this group, 36% appear to sell currency bundles that do not align with the most frequently purchased in-game items. This discrepancy may result in players being unable to utilize their remaining virtual currency unless they make additional in-game purchases.

The survey also revealed that among games utilizing virtual currencies, only 2% offered players the option to “cash out” or exchange virtual currency back into real-world money. Furthermore, just 7% of games provided players with the ability to track their virtual currency spending history.

Virtual currencies used as payment tools within games must comply with overseas anti-money laundering (AML), counter-terrorist financing (CTF), and consumer protection regulations. Specifically:

1. Clearly state rules: Provide policies for purchasing, using, and exchanging virtual currencies, including pricing, exchange rates, and restrictions. For example, specify “1 USD = 100 game coins.”

2. Comply with regulations: Monitor virtual currency flows in accordance with local laws (e.g., U.S. Financial Crimes Enforcement Network FinCEN requirements) and submit reports when necessary to prevent money laundering.

3. Prevent misleading practices: Avoid exaggerating the value of virtual currency or concealing usage restrictions, ensuring users clearly understand its actual purpose.

PART 4

Loot Boxes

Among the games containing loot boxes surveyed, 62% self-labeled themselves as “suitable for children” in app stores. However, as mentioned earlier, the fact that games contain loot boxes is rarely disclosed on download platforms in most cases. Furthermore, among games featuring loot boxes, 55% did not display the probability of winning items from them.

Due to their random nature, loot boxes are often considered gambling activities and must comply with national gambling regulations and consumer protection requirements (e.g., EU Gambling Directive, U.S. state laws, South Korea's Game Industry Promotion Act). Key compliance considerations include:

1. Disclose paid nature: Clearly indicate that loot boxes require payment and list the types of items that can be obtained to avoid misleading users.

2. Publish win probabilities: Display the actual odds for each item, e.g., “Rare item probability: 1%,” to meet transparency requirements.

3. Avoid gambling characteristics: Do not offer cash rewards or directly tradable virtual items to prevent classification as gambling. For example, items should be restricted to in-game use only.

4. Limit excessive spending: Based on product characteristics (e.g., simulation gambling-like products), set purchase limits or consumption alerts to prevent user addiction or overspending.

PART 5

Protection of Minors

Although most surveyed games carry age ratings, these classifications appear unaffected by loot boxes, in-game purchases, and in-game advertisements. These items/practices appear with equal frequency in games rated for ages 3 and up as in those rated for ages 12 and up. Thus, age ratings alone seem insufficient to protect minors from these practices or to inform their parents of their presence in games.

Furthermore, only a small fraction of the games in this study featured parental controls or other measures designed to protect minors. Among those with parental controls, 44% had settings and enforcement mechanisms that were relatively easy to bypass.

Minor protection is a key focus area in international legislation (e.g., the U.S. Children's Online Privacy Protection Act (COPPA), EU GDPR), aimed at shielding children from inappropriate content and risks. Key considerations include:

1. Age Verification: Use identity verification tools (e.g., date of birth input) to restrict minors' access to adult content or paid features.

2. Content Rating: Classify game content according to local standards (e.g., ESRB, PEGI) to ensure minors only encounter age-appropriate material.

3. Parent Tools: Develop parental control features such as spending limits, playtime restrictions, or blocking inappropriate content.

4. Protect privacy: Strictly limit collection of minors' personal information, complying with COPPA and GDPR requirements. For example, data from children under 13 must not be collected without parental consent.

5. Educate users: Incorporate cybersecurity and healthy gaming tips within the game to raise awareness among minors and their parents.