In news that would have been shocking were we not already aware of our terrible global cybersecurity practices, many child tracking applications for Android are laden with a great number of security loopholes.
Of course, when I say child tracking apps (which is a very creepy term out of context), I’m referring to applications that parents use in order to keep a lookout for their children. Think baby monitors, but accessible via a Samsung or Huawei. Turns out, perhaps the analog variety is much safer to invest in and rely upon. Then again, almost any form of technology has some inherent weakness nowadays. The worrying parts are that a) our children, our literal youth are being affected by this; and b) Android and Google have clearly done little to nothing in terms of bolstering app store security. The apps that were discussed in this study aren’t exactly unknowns either, with each one rounding up to over hundreds of thousands of downloads. With all of that in mind, it seems that app store security has tipped over the line between indolent irresponsibility and frank harm.
The study itself was conducted by CyberNews: their team of researchers decided to test ten popular child safety apps accessible via Android, running three separate security tests and publishing their findings. First up is the Mobile Security Framework (MobSF) Score: this has apps being run through an open-source software that conducts thorough security checkups. With the maximum MobSF Score that an app can get being a hundred, surely some of these so-called safety apps could even land on the halfway mark, yes? Well, with a singular exception, not at all. The only app that landed above a fifty (fifty-three, to be specific) was an app named Pingo. Six applications landed in the forties range, two in the thirties, and a singular embarrassing app named Phone Tracker (hilarious), landed at twenty-five. Mind you, each single application was downloaded at least over a million times. Phone Tracker, landing dead last, has over fifty million downloads.
The second test involved has no elaborate name: it’s simply checking apps for malicious links. Turns out, even this simple security protocol was ignored by four apps. FamiSafe harbored a total of two malicious links, but our most-downloaded champion Phone Tracker was not to be flagrantly outshined, and was discovered to be hosting one. Again, this is basic security, what exactly were these app developers thinking? I suspect nothing short of making as much money as possible, as fast as possible.
Funnily enough, the third test was checking these safety apps for trackers. Of course, tracking children is the main point of these applications, so why the hustle? Well, because the trackers being tested for are third-party ones; i.e., ones that can harvest both a child’s location as well as the parents’ data and sell them to literally anyone. All of our applications had third-party trackers, with the minimum being two in the Family GPS app, and the maximum being nine in Find My Kids and the Family Locator apps. Phone Tracker decided to take the middle road with a humble six, how very kind of it.
Cybersecurity’s always been in dire straits, but such apps highlight the difference between mistakes and a frank level of incompetency bordering on stupidity.
Read next: New Study Reveals Serious Privacy Concerns in Period Tracking Apps
Of course, when I say child tracking apps (which is a very creepy term out of context), I’m referring to applications that parents use in order to keep a lookout for their children. Think baby monitors, but accessible via a Samsung or Huawei. Turns out, perhaps the analog variety is much safer to invest in and rely upon. Then again, almost any form of technology has some inherent weakness nowadays. The worrying parts are that a) our children, our literal youth are being affected by this; and b) Android and Google have clearly done little to nothing in terms of bolstering app store security. The apps that were discussed in this study aren’t exactly unknowns either, with each one rounding up to over hundreds of thousands of downloads. With all of that in mind, it seems that app store security has tipped over the line between indolent irresponsibility and frank harm.
The study itself was conducted by CyberNews: their team of researchers decided to test ten popular child safety apps accessible via Android, running three separate security tests and publishing their findings. First up is the Mobile Security Framework (MobSF) Score: this has apps being run through an open-source software that conducts thorough security checkups. With the maximum MobSF Score that an app can get being a hundred, surely some of these so-called safety apps could even land on the halfway mark, yes? Well, with a singular exception, not at all. The only app that landed above a fifty (fifty-three, to be specific) was an app named Pingo. Six applications landed in the forties range, two in the thirties, and a singular embarrassing app named Phone Tracker (hilarious), landed at twenty-five. Mind you, each single application was downloaded at least over a million times. Phone Tracker, landing dead last, has over fifty million downloads.
The second test involved has no elaborate name: it’s simply checking apps for malicious links. Turns out, even this simple security protocol was ignored by four apps. FamiSafe harbored a total of two malicious links, but our most-downloaded champion Phone Tracker was not to be flagrantly outshined, and was discovered to be hosting one. Again, this is basic security, what exactly were these app developers thinking? I suspect nothing short of making as much money as possible, as fast as possible.
Funnily enough, the third test was checking these safety apps for trackers. Of course, tracking children is the main point of these applications, so why the hustle? Well, because the trackers being tested for are third-party ones; i.e., ones that can harvest both a child’s location as well as the parents’ data and sell them to literally anyone. All of our applications had third-party trackers, with the minimum being two in the Family GPS app, and the maximum being nine in Find My Kids and the Family Locator apps. Phone Tracker decided to take the middle road with a humble six, how very kind of it.
Cybersecurity’s always been in dire straits, but such apps highlight the difference between mistakes and a frank level of incompetency bordering on stupidity.
Read next: New Study Reveals Serious Privacy Concerns in Period Tracking Apps