Child-tracking apps found to be spying on parents and children
Cybernews evaluated ten popular child-tracking Android apps with over 85 million cumulative installations and discovered that the apps can spy on parents. Some of them even contain links to malicious sites. No app received the highest grade for privacy or adhered to the highest security standard. According to the new report, only one app, which goes by the name Pingo by Findmykids, achieved a Mobile Security Framework (MobSF) score of more than 50. But its score of 53 isn’t quite up to the mark either. MobSF scores range from zero to 100, with a higher number indicating a more secure system. An app called Phone Tracker by Number achieved a score of just 25. Interestingly, with over 50 million installations, this was the most installed app among the ten tested during this research. Worse yet, it received the lowest privacy grade as well, indicating a “critical risk”. The MobSF privacy grades range from A to F, with A indicating the highest level of privacy. Seven of the tested apps received a B grade while two were awarded Cs. The new report notes that the Phone Tracker by Number app ranks 47th in the top free apps in the social category in the US. Along with the poor implementation of privacy and security measures, it has numerous other loopholes. It allows other apps on the device to access its information. This enables threat actors to know the location of a child that a parent is tracking. This app is vulnerable to man-in-the-middle (MITM) attacks, researchers concluded. Family Locator – GPS Tracker & Find Your PhoneApp, Family GPS tracker KidsControl, and FamiSafe: Parental Control App are also vulnerable to MITM attacks. The report notes that developers may change the names of the apps on the Google Play Store.
These apps also contain third-party trackers and malicious links
These parental control apps were also found to contain third-party trackers as well as malicious links. All ten apps have third-party trackers bundled within, allowing unauthorized access to parent and child data. Any information, such as accounts, passwords, location, and shared media, could be exposed to third parties. Moreover, these apps also store hard-coded application programming interface (API) keys. According to the report, “API keys are used for authentication purposes, to allow apps to recognize individual users and vice versa. Storing API keys can lead to security issues if a threat actor finds a way to access them”. The report says some of the hard-coded API keys might be responsible for protecting user data as well. Losing these keys to threat actors might compromise sensitive information. Last but not least, four of the analyzed apps contained malicious links. While the apps may not necessarily be infected with malware, the presence of those links is still worrisome. They may lead users to websites with malware. This finding paints a scary picture. The apps that parents are hoping to keep their kids safe online are opening back doors to the darkness of the internet. This may allow unauthorized access to their information, compromising their security and privacy. A security researcher suggested that apps from independent developers might not be the best solution for parental control. These developers may lack robust software development programs. As such, they utilize third-party code from open-source libraries, which may have privacy and security holes. If you’re using any of the apps mentioned in this article for keeping tabs on your kids, you might want to switch to a more secure one. Make sure to do the proper research before downloading. You can look for online reviews as well as reports from users.