Security researcher Robert Wiggins discovered that TeenSafe, a mobile app that lets parents track teens’ locations and text messaging habits, left the data thousands of accounts exposed on two Amazon servers.
At least 10,200 records from the past three months contained customer data.
TeenSafe markets itself as a secure, encrypted way for parents to track call, Web, and location histories, as well as read text messages, even deleted ones.
Using the app to track a teen’s iPhone requires that you have to turn off Apple’s two-factor authentication to use TeenSafe on an iOS device, making it easy for an intruder to sign in with another device and look at a teen’s iCloud data.
TeenSafe told ZDNet it had shut down the relevant server and started warning customers that might be affected. The problem, as you might surmise, is that it took Wiggins’ findings for the company to lock things down. Data privacy is important for any service, but it’s crucial for child-oriented apps where many of the users are particularly vulnerable and inexperienced.