Advertisement

Teen phone tracking app exposed thousands of Apple accounts

Parents were also vulnerable.

Parents understandably pour a lot of trust into apps that monitor their kids' activity. That makes it all the more painful when there's a lapse in security, and that's unfortunately the case today. Security researcher Robert Wiggins discovered that TeenSafe, a mobile app that lets parents track teens' locations and text messaging habits, left the data thousands of accounts exposed on two Amazon servers. One of them held nothing but test data, but the other included kids' Apple ID email addresses and passwords, not to mention the email addresses of the parents.

That's serious enough by itself, but it's compounded by the way TeenSafe works. You have to turn off Apple's two-factor authentication to use TeenSafe on an iOS device, making it easy for an intruder to sign in with another device and look at a teen's iCloud data.

To its credit, TeenSafe told ZDNet it had shut down the relevant server and started warning customers that might be affected. The problem, as you might surmise, is that it took Wiggins' findings for the company to lock things down. Data privacy is important for any service, but it's crucial for child-oriented apps where many of the users are particularly vulnerable and inexperienced.