Are child-monitoring apps taking advantage of parents’ concern for their kids? According to a new report from the Cybernews research team, some are. Android parental-control apps with over 85 million installations are not only monitoring children, but they’re also keeping tabs on their parents, too.
The investigation discovered that four in 10 popular child-monitoring apps feature malicious links. What’s worse is that none of the apps received a high privacy grade.
The child-monitoring apps that are tracking parents, too
The Cybernews research team analyzed 10 child-monitoring apps found in the Google Play Store. Each app was installed at least one million times; the most popular of the group garnered a whopping 50 million downloads.
Cybernews used the Mobile Security Framework (MobSF) benchmark, a common security analysis tool, to determine the apps’ privacy and security fitness. The score ranges from zero to 100; 100 represents the best score one can get. Below, you’ll find the list of apps Cybernews analyzed in order of their MobSF score (from worst to best).
1. Phone Tracker by Number – 25
2. FamiSafe: Parental Control App – 30
3. Find my kids: location tracker – 36
4. My Family locator, GPS tracker – 41
5. MMGuardian App for Child Phone – 43
6. Family Locator – GPS Tracker & Find Your Phone App – 43
7. MMGuardian Parent App – 44
8. Find my Phone. Family GPS Locator by Familo – 45
9. Family GPS tracker KidsControl – 47
10. Pingo by Findmykids – 53
Phone Tracker by Number scored the worst with 25 points and Pingo by Findmykids had the best with 53 points, but keep in mind that 53 is still a mediocre score. All apps contain third-party trackers, which isn’t ideal. If the companies aren’t honest, they can use that data for malicious means.
Seven of the 10 apps received a B for privacy, two were slapped with C, but Phone Tracker by Number got a big ol’ F. It has the lowest grade, but has one of the highest volumes of installations (over 50 million). It also is among the top 50 free apps in the social category on Google Play.
“Due to an insecure implementation of the Secure Sockets Layer (SSL) certificate handling, [Phone Tracker by Number] is vulnerable to man-in-the-middle (MITM) attacks. These intrusions appear when attackers insert themselves between the data sender and receiver.” In other words, the developers behind the Phone Tracker by Number, or threat actors, could spy on the data traffic flowing through the app.
Not only can these child-monitoring apps breach your child’s privacy, but they can reveal their information to unauthorized viewers. To put it into perspective, if your kid sends a sensitive photo, the apps may have access to it. Heck, anything that’s been shared with the app — passwords, accounts, personal info — can be exposed in a breach. Parents get caught into this security-vulnerability whirlwind, too.
“Both parties, parents and children alike, have their data collected,” Cybernews said, adding that this is hardly a surprise because violating privacy are the apps’ forte.
To add salt to the wound, Cybernews investigators discovered malicious links in four of the 10 apps: FamiSafe: Parental Control App, Phone Tracker by Number (of course), Find my kids: location tracker, and Family GPS tracker KidsControl. This means that the links, at the very least, can lead users to websites with malware.
How parents can protect their kids moving forward
Cybernews consulted with Jason Glassberg, cofounder of Casaba Security, and Karim Hijazi, CEO of Prevalion, a cyber-intelligence company. Both Glassberg and Hijazi agree that the hazards of tracking one’s kids with a child-monitoring app outweigh the benefits of keeping tabs on them
“By installing this type of app on the child’s phone, you’ve essentially embedded a fully capable trojan on their most personal of devices, which, in addition to having access to their browsing activity, communications, friends, etc, can also track their real-time location,” Hijazi said.
If parents still feel compelled to monitor their children, Chris Hadnagy, CEO of cybersecurity firm Social-Engineer, suggests that parents sift through reviews of their desired apps before downloading them. You should also keep your devices fortified from malware by installing one of the best antivirus apps on the market.