In this particular age of the Internet, parents are more concerned than ever as to what their kids may be exposed to online. In an effort to mitigate the risk, whether this effort may be misguided or not, some parents have turned to tracking applications. The purpose of these apps is to monitor the online behavior of any user on a specific device via what some (including myself) consider serious invasions of privacy. Such invasions of privacy can open a Pandora’s box should the accounts associated with the app become compromised. It is this reality that users of the popular monitoring application TeenSafe are dealing with according to recent reports. As confirmed by a report via ZDNet, TeenSafe experienced a massive data leak of account information. (TeenSafe is far from alone in leaking data to the Internet.) The source of the leak is a rather brash display of human error as the servers that leaked the account data were hosted on Amazon’s cloud “unprotected and accessible by anyone without a password.” Once the server issues were reported by UK security researcher Robert Wiggins, TeenSafe pulled the servers offline.
According to ZDNet, this is the data that was leaked:
The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name -- which is often just their name -- and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.
With over a million users, not only does TeenSafe have a PR nightmare on its hands, but the sensibility of such monitoring applications is again being called into question. Any app that is on a device should be given as few permissions as possible to function to protect the user and their data. But this is something that cannot be avoided with spying apps. By using these applications to spy on their children, parents may be endangering them by opening their kids’ data up to hackers or other malicious actors. It’s a strange dichotomy — something that is intended to protect does more harm than good.
I’m not going to tell any parent how to do their job, but I would strongly advise rethinking your strategy when it comes to your teens on the Internet. There are better ways of going about things than using apps that are far riskier than your child merely browsing the Internet. With decent knowledge anyone can be relatively safe online; it just takes a little work. Taking the shortcut with an intrusive application like TeenSafe is not the way to go about it.
Featured image: Flickr / g4ll4is