Ruhr-Uni-Bochum

“We may share the number of diaper changes”: A Privacy and Security Analysis of Mobile Child Care Applications

2022

Konferenz / Medium

Autor*innen

Matteo Große-Kampmann Maximilian Golla Tobias Urban Christian Höfig Moritz Gruber

Research Hub

Research Hub C: Sichere Systeme
Research Hub D: Benutzerfreundlichkeit

Research Challenges

RC 11: End-users and Usability

Abstract

Mobile child care management applications can help child care facilities, preschools, and kindergartens to save time and money by allowing their employees to speed up everyday child care tasks using mobile devices. Such apps often allow child care workers to
communicate with parents or guardians, sharing their children’s most private data (e. g., activities, photos, location, developmental aspects, and sometimes even medical information). To offer these services, child care apps require access to very sensitive data of minors that should never be shared over insecure channels and are subject to restrictive privacy laws. This work analyzes the privacy and security of 42 Android child care applications and their cloud-backends using a combination of static and dynamic analysis frameworks, configuration scanners, and inspecting their privacy policies. The results of our analysis show that while children do not use these apps, they can leak sensitive data about them.
Alarming are the findings that many third-party (tracking) services are embedded in the applications and that adversaries can access personal data by abusing vulnerabilities in the applications. We hope our work will raise awareness about the privacy risks introduced by these applications and that regulatory authorities will focus more on these risks in the future.

Tags

Privacy
Security Awareness
Mobile Security