Mobile child care management applications can help child care facilities, preschools, and kindergartens to save time and money by allowing their employees to speed up everyday child care tasks using mobile devices. Such apps often allow child care workers to communicate with parents or guardians, sharing their children’s most private data (e. g., activities, photos, location, developmental aspects, and sometimes even medical information). To offer these services, child care apps require access to very sensitive data of minors that should never be shared over insecure channels and are subject to restrictive privacy laws. This work analyzes the privacy and security of 42 Android child care applications and their cloud-backends using a combination of static and dynamic analysis frameworks, configuration scanners, and inspecting their privacy policies. The results of our analysis show that while children do not use these apps, they can leak sensitive data about them. Alarming are the findings that many third-party (tracking) services are embedded in the applications and that adversaries can access personal data by abusing vulnerabilities in the applications. We hope our work will raise awareness about the privacy risks introduced by these applications and that regulatory authorities will focus more on these risks in the future.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.