EFF Reveals Privacy, Security Concerns in Day Care Apps

pcmag.com:

The Electronic Frontier Foundation (EFF) has revealed(Opens in a new window) a variety of privacy and security flaws in apps used by many day care centers, preschools, and other groups that focus on childcare.

The most glaring of those problems is that many of these apps don't support two-factor authentication (2FA) for administrators or parents. That makes it easier for someone to gain access to a parent's account to view information a care provider shares about their children.

"Through static and dynamic analysis of several apps," the EFF says, "we uncovered not just security issues but privacy-compromising features as well. Issues like weak password policies, Facebook tracking, cleartext traffic enabled, and vectors for malicious apps to view sensitive data."

Much of the information collected by these apps—what a child has eaten, when their diapers were changed, what activities they did on a particular day—is relatively innocuous. But other information, such as when a child is dropped off and by whom, could prove to be more sensitive.

The EFF notes that many popular apps don't provide information about the steps taken (if any) to secure information that is managed via cloud service providers such as Amazon Web Services. App makers are slow to respond to reported vulnerabilities, too, which also puts their users at risk.

"Between vague language that could misguide parents about the reality of data security, fewer options(Opens in a new window) for daycares (especially the first two years of the pandemic), leaky and insecure applications, and lack of account security control options," the EFF says, "parents can’t possibly make a fully informed or sound privacy decision."

Unfortunately, many providers require parents to