Skip to main content

TeenSafe phone-monitoring app leaks thousands of Apple ID account logins

A popular app that helps parents keep tabs on their kids’ phone activity has at least one leaky server, according to ZDNet, with tens of thousands of user account details breached.

Called TeenSafe, the app touts itself as a “secure” monitoring app available on both Android and iOS, and lets parents check their kids’ messages, call and search history, as well as keep tabs on their location.

ZDNet reports that the app’s servers, hosted on Amazon’s Web Services cloud platform, were left unprotected, giving anyone access to the app’s user database without a password.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet over the weekend.

Exposed

First discovered by UK-based security researcher Robert Wiggins, the data breach includes email addresses of parents with TeenSafe accounts, alongside Apple IDs and passwords – stored in plaintext – of the children.

The server also stored the names and the unique identification numbers (IMEI) for each device. However, no app content (such as photos or messages) was stored on the servers.

Ironically, for the app to work, TeenSafe requires two-factor authentication to be disabled — meaning anyone with ill intentions can access those Apple ID accounts with just the login credentials easily available from the leaky servers. 

Although the offending servers have been shut down, there were reportedly “at least 10,200 records from the past three months containing customers data – but some are duplicates” stored on the server.

Invasion of privacy

Apps like TeenSafe collect a huge amount of data from users, making privacy advocates question their legitimacy. Many believe that phone monitoring apps are intrusive and an invasion of privacy, even if the person in question is a child.

TeenSafe has a YouTube channel that shows parents how to block individual apps as well as how to shut down a child’s device altogether, giving the impression that the developers of the app don’t seem to have much faith in the ability of today's youth to use their phone in a "safe" manner.

Sharmishta Sarkar

Sharmishta is TechRadar's APAC Managing Editor and loves all things photography, something she discovered while chasing monkeys in the wilds of India (yes, she studied to be a primatologist but has since left monkey business behind). While she's happiest with a camera in her hand, she's also an avid reader and has become a passionate proponent of ereaders, having appeared on Singaporean radio to talk about the convenience of these underrated devices. When she's not testing cameras and lenses, she's discovering the joys and foibles of smart home gizmos. She also contributes to Digital Camera World and T3, and helps produce two of Future's photography print magazines in Australia.