Thursday 19 September 2019

Teen phone tracking app leaked thousands of user details from unprotected server

Stock image
Stock image Business Desk

An app used by parents to monitor their children's smartphone activity has leaked thousands of accounts from at least one server.

TeenSafe, a mobile app for both iOS and Android, allows parents to see their teenager's calls, texts, installed apps, browsing history and location.

The California-based company has previously said it does not need parents to get their children's consent to monitor their phones.

A UK-based security researcher found that two servers, which were hosted on Amazon's cloud, were left unprotected.

Robert Wiggins discovered the servers were accessible without a password.

Tech news website ZDNet contacted TeenSage who subsequently removed from online and began alerting potentially affected customers.

The details of the parent's email address, their corresponding child's Apple ID email address, the child's device name and the phone's unique identifier were kept on the database.

No content, such as photos or messages, or locations of either child or parent were contained in the unprotected servers.

One of the servers appeared to have been used for storing test data.

Online Editors

Also in Business