the app's requirement that two-factor authentication is turned off
This is incredibly stupid and dangerous, to put it lightly. And how is this allowed on the App Store?
[doublepost=1526956254][/doublepost]
Jesus H, this product is abominable. True helicopter parent dystopian BS. Just let kids be kids!
Parent here. I'm all for monitoring and protecting them, but putting a spy app on their phone? You might as well tell them, "Hey kid, I've never trusted you and I never will. Do whatever you want, just make sure you don't use your phone to do it." If you need to spy on their phone, don't give them one.
Who says the parents are forcing it? When I was in high school, I gave my parents the ability to track me in iMessage. They didn't even ask. They like to make sure I'm ok, and I was tired of having to respond to messages asking where I was / whether I got somewhere safely. I trusted them not to abuse it.
I'd say it's overkill to get a full history, but often times an iPhone can't respond to location requests for whatever reason and doesn't update the last known location frequently enough sometimes. IDK if they've fixed that now.
[doublepost=1526956433][/doublepost]
This is a good example of why you should never believe you have “total” security or privacy on any operating system or platform.
It's more like a good example of why you should never give your iCloud credentials to anyone besides Apple (likewise for other companies). And I have no idea how this got onto the App Store.
[doublepost=1526956535][/doublepost]
Nothing says "your teens are safe with us" like keeping a million passwords in a big, plaintext archive. Turns out to be about as safe as stenciling "TeenSafe" on a windowless van...
I know everyone loves to criticize other people's parenting skills, but I'm amazed how much of this conversation is around what kinds of parents would use a tool like this, and not around the fact that this company is specifically gathering information on children and not even taking the most basic steps to protect that information.
I think they need the plaintext passwords to log into the account since there's no API or even an auth token system available. If that's the case, this app shouldn't exist at all. It's inherently insecure that way, nothing they can do to improve it.
[doublepost=1526956932][/doublepost]
Any app that wants your password to another account is to be avoided at all cost. Especially financial aggregators like Mint.com.
It's the worst with financial stuff. Even big things like Coinbase and Venmo take bank account usernames and passwords since there's no better way. Man, we need to update our banking tech beyond the 1970s.