Parental monitoring app data compromised - Mobile World Live

Parental monitoring app data compromised

21 MAY 2018

TeenSafe, an app used by parents to monitor their children’s smartphone activity, leaked data from tens of thousands of accounts, UK-based security researcher Robert Wiggins found.

Wiggins, who is affiliated with the not-for-profit Open Bug Bounty platform, revealed TeenSafe servers hosted on Amazon’s cloud were unprotected and accessible by anyone without a password, ZDNet reported.

At least two of these servers leaked data, which impacted accounts of both parents and children. Both servers were pulled offline after TeenSafe was alerted.

In a statement to ZDNet, the US-headquartered company said: “We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted”.

The app’s website states it is a subscription service for parents of children aged between seven and 17 years-old, which provides smartphone monitoring capabilities for $14.95 a month.

Parents can access information including sent, received and deleted texts, and iMessages; call logs; device location; web browsing history; and messages sent via WhatsApp and Kik Messenger.

The app’s database stores the parents’ and child’s email addresses, along with the child’s Apple ID email address and passwords. Wiggins said these details were in plain text, meaning they were not encrypted.

The database also includes the name and unique identifier of childrens’ devices, but not photos, messages or location information.


Saleha Riaz

Saleha joined Mobile World Live in October 2014 as a reporter and works across all e-newsletters - creating content, writing blogs and reports as well as conducting feature interviews...More

Read more