Mother using parental control app on tablet to ensure her child’s safety at home
Popular parental control apps for the Android platform were found to be vulnerable to multiple security flaws, risking the data and safety of the users they aim to protect.
Parental control apps are installed by parents on their children’s smartphones and tablets, setting usage limits, blocking certain types of content, tracking the device location, and giving the parent access to data like SMS content, IM exchanges, and browsing activity.
These apps are designed to help parents keep their children safe online and offline. However, if the apps are vulnerable to unauthorized access and data leaks, they may introduce unwanted surveillance risks and even put the user at physical risk.
Unfortunately, a study from the independent cybersecurity group SEC Consult found that many apps suffer from flaws that could allow unauthorized remote actors to access web dashboards, stealthily track children, and perform attacks.
Additionally, the children themselves can exploit the flaws to remove or bypass the usage or content access restrictions set by their parents.
SEC Consult picked a group of popular parental control apps for analysis, using static and dynamic analysis methods, including scrutinizing the security of their network traffic, whether or not they encrypt sensitive user data, what API access restrictions are in place, and more.
The analyzed apps are the following, ranked by the number of downloads of Google Play, Android’s official app store:
Find My Kids – 10 million downloadsKids Place