Parents beware: These popular Android child tracking apps might be spying on you
If you are a parent or a guardian and have installed parental control apps to keep an eye on your kids, you might want to check if the apps you have installed are reliable enough.
Cybernews has published a report that says the top Android apps for tracking kids and family members which have been downloaded over 85 million times on the Google Play store could be exposing your and your children's information to bad actors. Each of them was downloaded more than a million times, and the most popular one has been installed 50 million times.
Turns out, these apps can be dangerous for your family. While some of the most popular monitoring apps have weak security and privacy features, others contain links to malicious websites and all have trackers. These apps even keep tabs on the parents that have downloaded them to keep their kids safe.
Cybersecurity company Casaba Security's co-founder Jason Glassberg says that tracking apps are "essentially a backdoor into your child's phone, which at a minimum will be collecting reams of data on them."
A security analysis tool called the Mobile Security Framework (MobSF) was used to evaluate the security and privacy of the apps. Seven out of ten apps received a B for privacy, the second-best grade, and two got Cs. Phone Tracker By Number, which has been downloaded over 50 million times, received the lowest F grade.
The app also shares Broadcast Receivers, which is an Android component that lets an app respond to messages broadcast from the operating system (OS) or another app. This could allow other apps on the device to access the Phone Tracker By Number app and access its data, such as the location of the kid that a parent is tracking.
These apps have not properly implemented the Secure Sockets Layer (SSL) certificate, making them vulnerable to man-in-the-middle (MITM) attacks., which could allow an attacker to eavesdrop on the traffic flowing through them.
Karim Hijazi, CEO of cyber intelligence company Prevailion, believes that the reason behind the lax security is that app developers do not always necessarily dedicate the time and sources needed to ensure an app is secure.
It's like making cheap sausage, and you don't know what kind of ingredients are going into it. The problem for the end-user is that you really don't know all that is in the app or how many different parties are receiving this information." - Karim Hijazi
The companies behind tracking apps are interested in collecting specific data to track the user who has installed the app and third parties could use this info for many purposes, such as targeted advertising or monitoring.
Find my kids: location tracker, which has been installed over 10 million times, and Family Locator - GPS Tracker & Find Your Phone App, contain nine trackers. MMGuardian App For Child Phone (1 million +) and Find my Phone. Family GPS Locator by Familo (1 million +) were found to have eight trackers. My Family locator, GPS tracker (5 million +), and FamiSafe: Parental Control App had seven trackers.
These and other similar apps with trackers stored hard-coded application programming interface (API) keys, which are generally used for authentication purposes. Find my Phone. Family GPS Locator had the most API keys, four to be exact. If threat actors find these tokens, they can get their hands on sensitive data.
Four out of the ten reviewed apps had malicious links. So even though the apps themselves might not be affected, the links may lead users to sites with malware. For instance, FamiSafe: Parental Control App had two links that some security vendors thought were nasty. Phone Tracker by Number, Find my kids: location tracker, and Family GPS tracker KidsControl had one malicious link each.
Some experts are outright against such apps as they believe they violate the bond of trust between parents and kids. They believe that you should instead teach children about online safety.
At the end of the day, it's your call as a parent whether you want to use a tracking app or not, but you must do your research to ensure that the app you intend to install will not put you and your kids in the harm's way.
By installing this type of app on the child's phone, you've essentially embedded a fully capable trojan on their most personal of devices, which, in addition to having access to their browsing activity, communications, friends, etc, can also track their real-time location. " - Karim Hijazi
- Browse privately with ExpressVPN
Things that are NOT allowed: