Headline
Child safety app riddled with vulnerabilities: Update now!
Categories: Personal Tags: Parental control kids place
Tags: child
Tags: safety
Tags: controls
Tags: restrict. block
Tags: limit
Tags: vulnerability
Tags: exploit
Tags: password
Tags: upload
Tags: dashboard
Child safety app Parental Control - Kids Place has been found to have five vulnerabilities. You need to patch immediately to keep yourself secure.
(Read more…)
The post Child safety app riddled with vulnerabilities: Update now! appeared first on Malwarebytes Labs.
An app designed to restrict screen time and add a “kids’ mode” for children on smart devices has been found to have a broad range of security issues.
The app, “Parental Control - Kids Place” is an Android app which is incredibly popular, sporting 5M+ downloads on its Google Play page. In terms of what the app does with user’s data, Play’s Data Safety page has this to say:
No data shared with third parties
Precise location, name and email, installed apps and other actions, crash logs, and device / other IDs may be collected
Data is encrypted in transit
You can request that data be deleted
Despite this, the five flaws discovered by the SEC Consult researchers would give most parents quite the headache in terms of device, account, and child safety. The explanations given for the various flaws are quite technical. Fear not, because below we’ll explain how these affected app users without wandering into the coding weeds.
- Passwords were being stored insecurely, in a way which would be potentially easy for an attacker to crack using automated methods.
- The parent’s web dashboard was insecure and vulnerable to attack.
- This same dashboard could be exploited to send download links to the child’s device which could contain malware.
- Finally, the child could potentially bypass the restriction features without anyone noticing. This last one involves a couple of steps which includes booting into safe mode. While a child may not figure the flow out themselves, it’s the kind of thing which routinely ends up on social media and streaming sites as a “cool hack”.
The vendor was notified mid-November 2022, with the app creators responding that “most” of the vulnerabilities had been fixed. Several rounds of back and forth communication ensued, with the SEC researchers having to go back and explain that certain issues had still not been addressed by the start of January 2023.
The vendor again replied that everything had now been fixed mid-February, and this time around the fixes got the job done.
What does this all mean in practice if you’re a user of this app? Well, good news: the updates did indeed fix the flaws. The way to keep your app and your child safe is to download the latest version of Parental Control - Kids Place from the Google Play store.
You must be running at least version 3.8.50 in order to be safe from the issues listed above.
There are no workarounds available to address the five security vulnerabilities if you’re running something lower than this, and you’ll potentially be at risk until you update the app.
Update all Android apps automatically:
Open the Play Store app
In the top right corner, press the profile icon
Tap Settings > Network Preferences > Auto-update apps
Select “over any network”, or “over Wi-Fi- only”
Update individual apps automatically:
Open the Play Store app
In the top right corner, press the profile icon
Tap Manage apps and device
Tap Manage, and then find the desired app
Tap the app to open the app’s Details page
On the Details page, tap More (typically represented by three vertical dots)
Turn on Enable auto-update
You may need to restart your device to complete the process.
We don’t just report on Android security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.