According to security researchers at Cybernews, popular child tracking apps that have clocked millions of downloads on the Play Store have gaping security holes. Some apps exposed kids’ information to unauthorized viewers, while others had trackers that also spied on the parents. “[These apps are] essentially a backdoor into your child’s phone, which at a minimum will be collecting reams of data on them,” Jason Glassberg, co-founder of Casaba Security, told Cybernews, “and in a worst-case scenario could be doing things that are much more malicious.”
Hunting the Hunter
The researchers analyzed 10 child-monitoring apps in the Google Play Store, each with well over a million downloads. They used the Mobile Security Framework (MobSF) security analysis tool to evaluate the security and privacy of each of the apps. All apps scored poorly and were found to contain third-party trackers, which can abuse the tracked data for malicious means. “That means that both parties, parents and children alike, have their data collected,” noted the researchers. “Hardly a surprise, given that a violation of privacy is the app’s primary goal.” On top of that, the researchers discovered malicious links in four of the analyzed apps, which they said could lead people to websites with malware. The researchers point to a 2021 survey that found over half of the American respondents used such apps to keep tabs on their children’s internet activity. Dimitri Shelest, CEO and founder of online privacy company OneRep, believes working parents have to rely on technology to keep an eye on their kids. In an email exchange with Lifewire, he advised parents to be hyper-aware and vigilant about the tech they choose to do so. Stephen Gates, Security Evangelist at Checkmarx, suggests parents should thoroughly investigate the app developers before homing in on an app. “Search [for] the vendor name, look at Q&A and privacy pages on the vendor websites, email the company and ask about their application security and privacy practices: What data do you keep? Do you sell users’ data?” advised Gates in an email discussion with Lifewire. Since all 10 apps with dodgy security practices were found on the Google Play Store, Shelest believes parents should use the opportunity to pressure the tech giant to provide broader abilities on their platform to support parents with more advanced infrastructure. “This could include a more stringent vetting process for back-end app security as well as a wider array of reputable 3rd-party apps to have deeper, trusted access,” said Shelest.
Educate the Children
Given the security lapses in these apps, the researchers suggested the benefits of keeping tabs on children dwarfed in front of the hazards of using such child monitoring apps. In fact, Karim Hijazi, CEO of cyber-intelligence company Prevalion, thought of them as a trojan, telling Cybernews that not only do the apps have access to a child’s browsing activity, communications, friends, and more, but they can also track their real-time location. Of course, at the end of the day, it’s up to the parents to decide whether installing a potentially harmful app on their child’s smartphone is worth the risk. Both our experts believed that parents should curtail the use of these apps and instead take time to explain to their children how to use technology responsibly. “The very first step is to offer a bit of training as a parent to your child,” suggested Gates. “There are good instructional videos about safe internet and social media use, as a starting point.” Shelest believes an important aspect of parenting in the digital age is to teach children safe online habits, which won’t just protect them now, but will also equip them with the skills to safeguard their digital privacy in the years ahead. “As a parent, [it’s never] too early to build open dialogue and trust with your kids, making such conversations successful,” opined Shelest.