TeenSafe phone-monitoring app leaks thousands of Apple ID account logins

A popular app that helps parents keep tabs on their kids’ phone activity has at least one leaky server, according to ZDNet, with tens of thousands of user account details breached.

Called TeenSafe, the app touts itself as a “secure” monitoring app available on both Android and iOS, and lets parents check their kids’ messages, call and search history, as well as keep tabs on their location.

ZDNet reports that the app’s servers, hosted on Amazon’s Web Services cloud platform, were left unprotected, giving anyone access to the app’s user database without a password.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet over the weekend.

Exposed

First discovered by UK-based security researcher Robert Wiggins, the data breach includes email addresses of parents with TeenSafe accounts, alongside Apple IDs and passwords – stored in plaintext – of the children.

The server also stored the names and the unique identification numbers (IMEI) for each device. However, no app content (such as photos or messages) was stored on the servers.

Ironically, for the app to work, TeenSafe requires two-factor authentication to be disabled — meaning anyone with ill intentions can access those Apple ID accounts with just the login credentials easily available from the leaky servers.

Although the offending servers have been shut down, there were reportedly “at least 10,200 records from the past three months containing customers data – but some are duplicates” stored on the server.

Invasion of privacy

Apps like TeenSafe collect a huge amount of data from users, making privacy advocates question their legitimacy. Many believe that phone monitoring apps are intrusive and an invasion of privacy, even if the person in question is a child.

TeenSafe has a YouTube channel that shows parents how to block individual apps as well as how to shut down a child’s device altogether, giving the impression that the developers of the app don’t seem to have much faith in the ability of today's youth to use their phone in a "safe" manner.

6 ways to make your phone more secure

You also might want to check out the best phones for kids.

While she's happiest with a camera in her hand, Sharmishta's main priority is being TechRadar's APAC Managing Editor, looking after the day-to-day functioning of the Australian, New Zealand and Singapore editions of the site, steering everything from news and reviews to ecommerce content like deals and coupon codes. While she loves reviewing cameras and lenses when she can, she's also an avid reader and has become quite the expert on ereaders and E Ink writing tablets, having appeared on Singaporean radio to talk about these underrated devices. Other than her duties at TechRadar, she's also the Managing Editor of the Australian edition of Digital Camera World, and writes for Tom's Guide and T3.