Every service should respect users’ privacy. And it becomes more important when an application deals with a child’s daycare activity data.
Yes, childcare applications can be useful for parents to check on their kids enrolling for early education or daycare. Unfortunately, most daycare applications do not enforce common security measures required for basic privacy protection, which is concerning. So, what exactly makes them dangerous to use? Should they be improved?
The Lack of Security for Daycare Applications
Compared to messengers, social media, file storage, and a few more services, daycare and early education applications have often been off the radar for the masses. Daycare applications sound beneficial for parents but are still in the process of being adopted by all kinds of schools across the globe.
Considering it is not something everyone knows about, parents might remain unaware of the privacy risks associated; and so, the developers of daycare applications haven’t got the necessary peer pressure to improve their security standards.
The security issues with daycare applications could:
- Compromise your device.
- Allow attackers to access sensitive data about you and/or your child.
To highlight the matter, the Electronic Frontier Foundation (EFF) shared a report that analyzed what’s wrong with the daycare applications regarding privacy and security.
We take that report as a reference while sharing some pointers on why childcare apps are dangerous for privacy and could use improvements:
1. No Two-Factor Authentication
Multi-factor authentication systems should be the bare minimum to protect account data. Almost every application and service offers it at no extra cost to the users.
Unfortunately, many daycare applications do not have it. This is mostly because the app developers, or the school administrators, may think that the account access to childcare data is not something attackers would target. Furthermore, they might think it would be more convenient to log in to the applications without two-factor authentication.
But any personal data on individuals or the device is useful for attackers for various activities. Two-factor authentication really is essential, no excuses.
2. Security Vulnerabilities Unpatched
Unlike some popular applications, many childcare applications do not get regularly audited or patched.
These applications typically stick to the concept of “do not change anything until it works.” While it sounds practical and convenient, it is not a good idea regarding security and privacy. Without regular updates and audits, daycare applications could remain vulnerable to various threats without the parents noticing it.
Interestingly, EFF shared the details of vulnerabilities for some popular daycare applications with the concerned companies and got no response to resolve them.
3. A Lack of Information for Data Privacy
4. Privacy-Compromising Features
If an application offers privacy protection features, it will help minimize any damage one would expect from a breach.
On the contrary, as per the report by the EFF, many such applications come loaded with privacy-compromising features, which include weak password policies. These issues let malicious applications view sensitive information, risking the data of the parents’ device.
So, it puts your child’s data at risk and leaves other devices at risk. Worrying, right?
5. Cloud Security
It is not just about the application, but where the data collected is then processed and stored. We already mentioned that numerous apps fail to disclose many things in their privacy policies: cloud services are one such example.
It is essential to clarify what cloud service is being used and how it is protected from attackers. By casually mentioning a popular cloud service, you might not be reassuring used all that much, because most people don’t know loads about cloud security.
For instance, EFF mentions the HiMama app, which says they use Amazon’s AWS (suited to run sensitive government applications). But, without further details on the configuration and how they use it, it may not add any trust.
6. A Lack of Security Policies for Parents and Admins
The school or daycare may not be entirely at fault because they want to add convenience for parents through the app. However, with proper communication between the administrators of the school and app developers, a security policy (including a password policy) should be developed.
The security policy helps administrators and parents know the necessities to protect their child’s data and devices against obvious threat risks. It should also help parents decide whether to proceed or demand a change.
7. A Lack of Concern
The lack of response by companies developing such applications (and official authorities remaining ignorant about it) is a big deal.
Unless it concerns parents, authorities, and app development companies, childcare apps will pose a security threat to their users. If you are already using such an app or planning to use it, we recommend you check through some of these issues mentioned here and, if you’re not satisfied, highlight them to the relevant people in an effort to resolve them.
Protect Your Devices and Child’s Data
Like a malicious service, childcare apps without the required security standards can threaten your device and associated data.
If you would like to use daycare applications for your kids, it would be best to share the potential issues with your friends and family to stay vigilant. In addition, you should investigate the apps being used and ask the relevant authorities to address your privacy concerns. Collectively, your efforts should help make the digital space safer for kids.