How Kindergarten Applications Can Spy on Parents and Children

 How Kindergarten Applications Can Spy on Parents and Children 

How Kindergarten Applications Can Spy on Parents and Children



The Daycare application is designed to make your daily life in kindergarten easier. For example, parents can use it to access reports on their child's progress and to communicate with teachers. However, some of these applications have serious security flaws. This is the conclusion reached by researchers at the Ruhr-Universität Bochum (RUB), Westfälische Hochschule, and Max Planck Institute for Security and Privacy in Bochum, in collaboration with industry partners. For security and privacy, we analyzed 42 childcare applications in Europe and the US. Some applications allowed access to children's private photos. Many applications access your personal data and share it with third parties without your permission. A group led by Dr. Matteo Große-Kampmann, Ph.D. RUB IT Security Horst Gortz and Dr. Maximilian Goll of the Max Planck Institute for Security and Privacy will present their findings at the 22nd Symposium on Technologies for Improving Privacy in Sydney. in July 2022. The results were published online. "Children's data is

subject to special protections under the General European Data Protection Regulations and the US Law on the Protection of Children's Online Privacy," said Maximilian Golla. "Unfortunately, we have found that many applications cannot guarantee this protection."


The analysis was performed in collaboration with AWARE7 GmbH. The team contacted all application vendors to notify them of the vulnerability before publishing.


used by millions


For the study, the researchers looked at the Android Kindergarten apps on the Google Play Store that offered at least the following features: A child's development and all special activities can be recorded in the app in the form of notes and photos. and video; The application has a messaging function that allows kindergarten staff to communicate with parents. The application supports the management of child care through management processes, such as billing, scheduling, and team building. The most used "Bloomz" and "brightwheel" applications have been downloaded over a million times on the Google Play Store. All together, all applications have reached almost 3 million downloads. In some cases, personal data is sold.


For example, eight of the applications analyzed had serious security vulnerabilities that could allow attackers to view private photos of children. In 40 applications, the researchers found that parents and caregivers were being followed. They collect your phone number and email address, as well as information about your device and application usage, such as when you click a button. Manufacturers share and sell this and other information with third-party suppliers. As one application developer put it, " We share data with our partners for commercial purposes, such as the average number of diaper exchanges per day ... ". Data is often shared with Amazon, Facebook, Google or Microsoft for targeted advertising campaigns.

 Privacy policies are not enough.


"We also looked at the privacy policies of the suppliers," said Maximilian Golla. "It simply came to our notice then. European and American laws require it, but most policies do not even mention the processing of children's data, let alone their collection and sale.


However, this does not mean that the provider is behaving maliciously. "We believe this is due to technical and organizational issues," says Matteo Groes-Kampmann. According to researchers, some providers act recklessly because the privacy policies they communicate are inconsistent, in part because they do not contain information about in-app data processing or services provided and have often not been updated for years. Researchers hope their findings draw attention to this sensitive issue, as children's data is in jeopardy. As Matteo Groes-Kampmann says, "Kindergarten principals, kindergartens and parents cannot analyze every application on their own." "But ultimately they are responsible for deciding what applications to use."


Guidelines and checklists

According to Maximilian Golla, rejecting childcare applications is, in principle, not a viable solution. Especially since providers do not have security vulnerabilities according to data protection regulations. "Without an official app, parents would use a messaging service like WhatsApp," he said. "This is the too bad solution to privacy." think to IT all experts, it would be better for experts to make guidelines and checklists. For example, a government agency can make recommendations and provide them to associations that run kindergartens.

Post a Comment

0 Comments