Daycare monitoring apps are ‘dangerously insecure,’ report finds - The Verge
Research conducted by the Electronic Frontier Foundation has found that daycare apps including Brightwheel, HiMama, and Tadpoles have weak security and share data with numerous third-party advertisers that are not disclosed in app privacy policies.
Popular daycare and childcare communications apps are “dangerously insecure,” according to newly published research, exposing children and parents to the risk of data breaches with lax security settings and permissive or outright misleading privacy policies.
The details come from a new report from the Electronic Frontier Foundation (EFF), which published the results of a months-long research project on Tuesday.
The research, conducted Alexis Hancock, EFF’s director of engineering for the Certbot project, found that popular apps like Brightwheel, HiMama, and Tadpoles lacked two-factor authentication (2FA), meaning that any malicious actor who was able to obtain a user’s password could log in remotely. Further analysis of application code revealed a number of other privacy-compromising features, including data sharing with Facebook and other third parties, that were not disclosed in privacy policies.
After being contacted by the EFF, Brightwheel implemented 2FA and claims to be ”the first in the early education industry to add this extra layer of security.” HiMama reportedly said that it would pass on the feature request to its design team but has not yet implemented the additional security feature. It is not known whether Tadpoles has an intention to implement 2FA.
Network traffic analysis shows the Tadpoles app sending user event data to Facebook.
Hancock started researching the privacy and security settings of various daycare apps after being asked to download Brightwheel when enrolling her two-year-old daughter in daycare for the first time. Hancock told The Verge that she initially enjoyed using the app to receive updates about her daughter but became concerned about a lack of security given the potentially sensitive nature of the information.