TeenSafe is a smartphone app that allows parents to monitor their children’s smartphone activity. TeenSafe gives parents access to the child’s text messages, location, web history, and app install history as well as the ability to monitor their phone calls. The app is available for both Android and iOS and doesn’t require consent from the child to be installed. Joining the ranks of other apps and services plagued with data leaks, this “secure” tracking app for parents has leaked the data and Apple ID passwords of thousands of kids.
It appears TeenSafe was using Amazon Cloud servers to store information and some of those servers were not secure. The TeenSafe servers were left unprotected and easily accessible without the need of a password. TeenSafe pulled the servers offline after ZDNet contacted the company about their exclusive story.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson told ZDNet on Sunday.
The servers stored the parent’s email addresses, the child’s Apple ID email address, the child’s device name, and the device’s unique identifier. The kicker here is that the data also contained the child’s passwords in plaintext.
The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.
The company has millions of users and we’re not clear on the extent of the situation and just how many are affected. If you use this app, it’s probably a good idea to change passwords for the app as well as any Apple ID passwords.
Last Updated on May 21, 2018.