Mobile child protection app fails at protecting data


In May 2018, UK-based security researcher Robert Wiggins discovered that the mobile app TeenSafe, marketed as a secure app for iOS and Android, was storing data it collected on servers hosted on Amazon's cloud without a password and openly accessible. The app lets parents monitor their children's text messages, location, browsing history, and apps, as well as who they called and when, and does not require parents to obtain their children's consent. The insecurely stored 10,200 records included the parents' email address and the children's Apple ID email addresses and plaintext passwords (though no images or location data); because the app requires two-factor authentication to be turned off, those details would be enough to let an attacker break into the child's account and access their personal data.

Writer: Zack Whittaker

Publication: ZDNet

See more examples
Related learning resources