Experts warn to be wary after popular app GPS App – Find Family, Friends caught exposing Kids' live location, phone numbers
A GPS tracking app trusted by families turned into a stalker’s dream after cyber experts uncover data leaks exposing kids’ real-time locations.
South East
Don't miss out on the headlines from South East . Followed categories will be added to My News.
A GPS tracking app used by more than 320,000 parents to keep tabs on their kids has been caught spilling real-time GPS data, raising stalking and child safety fears.
The GPS App — Find Family, Friends, which is available on Apple’s App Store, left its firebase database wide open, allowing anyone to access users’ sensitive info — including live locations of children.
Cybersecurity researcher Aras Nazarovas — who uncovered the flaw — said it was a “major security threat”.
“One of the most obvious dangers is potential stalkers getting access to such data, making it much easier to track and find targeted people,” Mr Nazarovas said.
The exposed GPS App has been easily available on Apple’s App Store but experts say parents shouldn’t assume that means it’s safe.
Monash University cybersecurity lecturer Nigel Phair said any app that dealt with kids’ data should be held to the highest standard, calling the leak “worrying”.
He said users often trusted Apple, which by default meant they believed the apps on the Apple App Store too were “trustworthy”, but said that was not the case.
“Apple could put in vulnerability scanning beforehand, but that won’t change anything if at the back end data is still being leaked,” he said.
“The app might be secure but the collection of the information tracking may not be secure.”
Mr Phair also said parents and users had “virtually no power” when it came to how apps were run or vetted, but could only do their research in verifying the app’s security and reviews before downloading.
Apple and GPS App – Find Family, Friends have been contacted for comment.
It comes after researchers analysed 156,080 randomly selected iOS apps — eight per cent of all apps on the App Store — discovering more than 71 per cent of the apps were exposing sensitive data.
It follows another shocking breach revealed last week by the Herald Sun, when raunchy gay dating app Gay Daddy: 40+ Date & Chat was caught leaking more than 50,000 user profiles and 124,000 private messages including HIV status, location and thousands of private and explicit images.
Explicit apps BDSM People, CHICA, TRANSLOVE, PINK, and BRISH also exposed 1.5 million private photos — including explicit images in a major leak which has since been fixed.
The apps — developed by UK-based M. A. D Mobile Apps Developers Limited — allowed unauthorised access to storage buckets containing highly sensitive content through a coding flaw putting users at risk of extortion and social engineering attacks.
