TeenSafe is the widely known phone monitoring app used by parents to scout on their children. This app is available for both Android and iOS and statement itself as a “protected” monitoring app. This app allow parents to keep track of their kid’s movement on their Smartphone like track their location, text message, phone logs, web browsing history and checking that which app they have installed. But recently it suffered from colossal data contravene. According to report by ZDNet, app left its server open to attack that providing access to everyone without authentication.
One of the researchers found the default.
A security researcher of U.K. named Robert Wiggins found that two TeenSafe servers were bare and disclosing the passwords and all the data of some of the users of monitoring service. Out of these two servers, one of the servers contains only test data while other includes kid’s Apple ID email addresses and passwords, with parents email id. All the messages, locations were exposed and information on the server was stored in plaintext with no encryption.
What’s concerning about this leak?
The way of working of TeenSafe is especially concerning; it requires two factor authentications should be disabled on iOS device in order to allow parents monitor their child’s activities, which provides the way to attacker to use child’s Apple ID and passwords to gain access to their accounts.
TeenSafe asserts on its website that it encrypts date and it is safe from any kind of breach.
TeenSafe who earlier claims that they have above one million parents using their service has now said that it has shutdown the server and given the warning to the customers those who may get affected. ZDNet claims that around 10,000 records were found on the server from last three months having customer data and publication also claim that out of those records are duplicates.
Not the first time.
This is not the first time that TeenSafe’s authenticity is questioned and therefore it is understandable.
Question to children’s privacy and parent’s responsibility
This invasion nature of TeenSafe and all other child monitoring has given them a dubious status. The app like Teensafe which are teen monitoring have always ignite the debate around the issues like parental responsibilities and rights and invasion of children’s privacy. The fact that these app stored the passwords and all the date as plaintext in an insecure data base will certainly is not going to improve this view.