Sensitive data about children was left out in the open by controversial tracking app Teen Safe
Spying on your children through monitoring apps is a grey area, ethically speaking.
If you’ve seen Black Mirror’s Arkangel, you can imagine a gruesome consequence of their use. There’s even evidence to back up the idea that monitoring apps drives a toxic wedge between you and your teen, yet despite all this, monitoring apps remain popular.
Now, beyond the moral implications, there appears to be an even more serious security implication that doesn’t include parent-teen bonds at all, as ZDNet has exclusively revealed that thousands accounts on monitoring app Teen Safe may have been compromised.
According to the site, at least one of the servers Teen Safe used to host parent and child accounts was accessible by anyone, without the need for a password. Two of these ‘open’ servers – one seemingly used for test data – were subsequently pulled offline after ZDNet alerted the Los Angeles-based company of the security flaw.
The app gives parents access to teens’ text messages, deleted messages, iMessages, including messages on WhatsApp and Kik, as well as browser history, call logs, installed third-party apps and even the phone’s current GPS location.
The data was stored in the server in plaintext and could have given anyone with malicious intent access to the child’s Apple ID, plus the parent’s username and password.
Shockingly, in order for parents to use the app, they already have to make their child’s device less secure. On its website, Teen Safe previously said two-factor authentication needs to be disabled on a child’s device for the app to be enabled. With it turned off, all someone needs to do to gain access to the child’s sensitive data is just enter in their Apple ID and password.
READ NEXT: Two-factor authentication explained
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a Teen Safe spokesperson told ZDNet.
The report goes on to say that around 10,200 accounts were freely accessible to the public, despite the website claiming that it uses encryption to scramble the data.
Forgetting the security flaw for a second, and you realise that the Teen Safe app is pretty dubious in itself. While Teen Safe’s website encourages parents to tell their children they’re being monitored, it also says that legally, parents aren’t required to do so. Is that right? It’s a discussion we’ve had before, and it’s one we’re likely to have again as more and more technological parenting solutions are implemented into homes.