TeenSafe phone-monitoring app leaks thousands of Apple ID account logins

null

A popular app that helps parents keep tabs on their kids’ phone activity has at least one leaky server, according to ZDNet, with tens of thousands of user account details breached.

Called TeenSafe, the app touts itself as a “secure” monitoring app available on both Android and iOS, and lets parents check their kids’ messages, call and search history, as well as keep tabs on their location.

ZDNet reports that the app’s servers, hosted on Amazon’s Web Services cloud platform, were left unprotected, giving anyone access to the app’s user database without a password.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet over the weekend.

Exposed

First discovered by UK-based security researcher Robert Wiggins, the data breach includes email addresses of parents with TeenSafe accounts, alongside Apple IDs and passwords – stored in plaintext – of the children.

The server also stored the names and the unique identification numbers (IMEI) for each device. However, no app content (such as photos or messages) was stored on the servers.

Ironically, for the app to work, TeenSafe requires two-factor authentication to be disabled — meaning anyone with ill intentions can access those Apple ID accounts with just the login credentials easily available from the leaky servers. 

Although the offending servers have been shut down, there were reportedly “at least 10,200 records from the past three months containing customers data – but some are duplicates” stored on the server.

Invasion of privacy

Apps like TeenSafe collect a huge amount of data from users, making privacy advocates question their legitimacy. Many believe that phone monitoring apps are intrusive and an invasion of privacy, even if the person in question is a child.

TeenSafe has a YouTube channel that shows parents how to block individual apps as well as how to shut down a child’s device altogether, giving the impression that the developers of the app don’t seem to have much faith in the ability of today's youth to use their phone in a "safe" manner.