Parental control apps behaving badly

(Image: Pixabay CC0) - Researchers from EPFL and Spain's IMDEA Software Institute and IMDEA Networks Institute , have found that many parental control applications collect and share data without consent, and fail to comply with regulatory requirements. Parental control applications available on Android through the Google Play Store are used by parents to monitor and limit their children's online activities and even physical location; for example, to examine a child's web browsing history, to block or limit their access to certain websites or features, or through surveilling the location of their mobile devices to know where their children are. By definition, these apps are highly intrusive as they require privileged access to system resources and sensitive data to do their jobs. This access may reduce the dangers associated with kids' online activities but this new research has found that the apps raise important privacy concerns, so far overlooked by regulators and organizations that provide recommendations to the public on their use. The Study The researchers, including Carmela Troncoso, head of the Security and Privacy Engineering Lab ( SPRING ) at EPFL's School of Computer and Communication Sciences (IC), conducted the first in-depth study of the Android parental control app's ecosystem from a privacy and regulatory point of view, studying 46 different apps from 43 developers. Combined, these apps have been installed more than 20-million times in the Google Play Store. Using a combination of static and dynamic analysis they found that almost 70% of the apps share private data without user consent and close to 75% contain data-driven third-party libraries for secondary purposes including social networks, online advertising, and analytics.