TeenSafe Isn't Safe: Teen Monitoring App Usernames And Passwords Stored Without Encryption


TeenSafe, the popular phone monitoring app used by parents to spy on their children, has suffered a massive data breach.

The app, available for both iOS and Android, bills itself as a "secure" monitoring app that allows parents to keep track of their kids' text messages, location, phone logs, web browsing history, and even monitor which apps they've installed.

However, the app had left its servers unprotected, giving anyone access to the information without authentication, according to a report published by ZDNet.

TeenSafe Leaves Data Unprotected, Exposes Thousands Of Usernames And Passwords

Robert Wiggins, a UK-based security researcher, found that two of the LA-based company's servers, which are hosted on Amazon's Web Services platform, were left unprotected. This means that anyone could access the information without the need for a password.

Shortly after ZDNet notified the company of the security blunder, TeenSafe pulled the servers offline.

"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," a company spokesperson said on Sunday, May 20.

TeenSafe claims to have more than a million parents as users, and its databank not only stores the parents' email addresses but also their child's email address. It also contained the unique identifier of the child's device, and most importantly, the unencrypted, plain text passwords for the child's Apple ID.

It remains to be known why the data, including the teenagers' passwords for Apple IDs, were stored in plaintext if the company claims on its website that it's "secure" and uses encryption to protect the data in the event of a data breach.

TeenSafe Requires Apple ID Accounts To Disable Two-Factor Authentication

What makes things worse is that TeenSafe requires the teenager's Apple ID account to have two-factor authentication switched off in order to allow parents to monitor their kids' phone activity without their consent. This makes it easier for intruders to gain access to the child's iCloud data.

Luckily, the database did not include location data, photos, or messages of the users or their children, but the servers did contain "at least 10,200 records from the past three months."

This is not the first time TeenSafe's legitimacy has been questioned, and that's understandable, given the significant amount of data the app collects. Teen monitoring apps such as TeenSafe have always sparked debate around issues such as invasion of children's privacy and parental rights and responsibilities.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics