Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Thousands of Apple ID Passwords Leaked by Teen Phone Monitoring App Server
- Thread starter MacRumors
- Start date
- Sort by reaction score
Many of these "teen" monitoring apps are more often used to spy on a spouse or partner.
Mike
People think of kids as "blank slates" and they couldn't be more wrong. Adults have a lot to learn too.
I said this before, all kids are different. It’s even worse when the kids parents are divorced and the one parents wants to the friend, while the other is trying to be the parent.
Maybe it’s worth considering if Apps should be forced to use Apple back-end support.
3rd pty apps running on Apple servers would have uniform performance and security.
3rd pty apps running on Apple servers would have uniform performance and security.
That is what happens when you have parents that don't know code creating things 
This app claims that the child will not know you've installed it on their phone (except on Android, where an alert pops up once to warn the user, and/or on iOS if you use a mobile app instead of the webpage to track them).
"All" you need on iOS is their Apple id and password.
If so, I can visualize the FBI setting up phishing methods to try to get a criminal's Apple password, so they can secretly install their own version of a monitoring app.
"All" you need on iOS is their Apple id and password.
If so, I can visualize the FBI setting up phishing methods to try to get a criminal's Apple password, so they can secretly install their own version of a monitoring app.
Last edited:
Yeah the whole job of parent is to monitor. All of us here know what the internet and apps are like. If that doesn’t make you want to monitor your kid’s activities then something is wrong with your morals. Personally I’d recommend against kids having a smart phone at all. Devices turn kids into zombies.
I’m shocked Apple doesn’t have something. I can look at my info and see what device I’m logged into, so why can Apple just have something for this?
The point is, you don’t know if they are. That’s the selling point.
Did this service violate the Children's Online Privacy Protection Rule ("COPPA") due to exposing private information of the children? This app was intended to keep children safe but it appears to endanger them as well. The parents should have their children enable two-factor authentication and change their password before a pedophile stalker is capable of using this service to stalk their children. Apple probably should send alerts to warn about the compromise so that the parents will not continue blindly using it.
(tangent)
No, that's not normal. At all. Passwords aren't stored unencrypted; that's not how password managers work. At least not ones that are even remotely decent. Given how low a bar "encrypt the passwords" is for them, I can't think of any with that behavior.
Even for the managers that sync across devices or have web interfaces, the service doesn't have access to the unencrypted login information. They literally can't access it (e.g., 1Password Security Design; it's a bit technical, but it describes the entire process). In other words, it's perfectly safe with a proper master password. The alternatives (password reuse, shorter/more memorable passwords, writing them all down on paper, etc.) are all significantly less safe.
You took the words right out of my mouth. I was going to post something when I had more time, but you said it way better.
Some kids might be willing to let their parents track in case of emergency especially if they live near a place prone to have natural disasters. A tracker catering to willingly tracked kids could offer the ability to send a distress signal with location such as during a natural disaster or a mass shooting.
Find my friends for iOS, and it’s free. We have my in-laws on this for this exact reason.
I am not a parent and I think I can safely say at this point I will never be one, but I’m not going to bash people trying to monitor what their kids are doing on or with cell phones. This is definitely something my parents, or for that matter ANYBODYS parents had to worry about when I was a teen. Considering the trouble a kid can get into with people who may seriously harm your child or companies trying to hack them or the family I can’t say that I wouldn’t feel the need to use similar software if I did have kids right now. I could only talk to a few dozen people at most, almost all of them within a few blocks of my house. Now a kid can talk to thousands anywhere in the world, for both good and evil.
If the kid goes off the rails many will ask why the parents weren’t monitoring who their kids were in contact with. 99% of kids either won’t have trouble or will not do anything foolish. That remaining 1% can end up making headlines, however.
If the kid goes off the rails many will ask why the parents weren’t monitoring who their kids were in contact with. 99% of kids either won’t have trouble or will not do anything foolish. That remaining 1% can end up making headlines, however.
If the children are harmed by their actions they could sue once they become an adult.
It’s about time companies like this started getting prosecuted and/or fined for their lax security standards.
Clear you're not a parent. I don't know that I'd use this type of product, (my kids are too young as yet), but this is not as black and white as you might imagine.
I agree especially since they violated child privacy laws with the way they mishandled the children's infomation
You are right. From what was posted the people who set this up where very much amateurs. Also look at the statistics: One million users but only about 10,000 active users. This means literally 99% of those who tried the product decided not to actively use it.
Having only a few European clients would open these guys up to a $40M fine. I doubt thy could pay it.
The US is so backwards with consumer protections and such but does benefit from relations in Europe and China. The reason all cell phone makers have standardized on USB chargers is because of a law in China that requires this. No One wants to make two version of a product we now everyone in the world uses the Chinese standard. In Europe GDPR take effect really soon and no one wants to turn away business from all of the EU so even American firms will follow the European standard. Same way with lead in electronics. Everyone else bans it so it is gone even from products sold in the US.
I wonder about gas and diesel powered cars. These will be banned from sale in most of the world in maybe 20 or so years. Some counties banning them sooner. Will they be gone from dealer's lots in the US? by mid century?
Going back to this spyware product, If the authors did not know that plaintext passwords are a dumb idea and left there AWS accounts open a seriously doubt they even knew about GDPR and the huge fines they were setting themselves up for.
Apple will request password changes for several reasons. including security leak situations and yes age of the password or if it doesn't fit the current rules.
so if they know that it's a child's password and they know that service like this has been hacked yes they might 'spam' out a change request. if it was by email just make sure it was really them and not a phishing attempt before you do it.
Pretty black and white to be. They were tracking kids information and keeping the tracked information in a publicly accessible database. The entire server was open to anyone, no login required and it contained names, passwords, email and all the data that was being sent to parents.