Over the last decade, the tsunami of mobile services has practically inundated humans and their social behavior, and children are no exception. Even eight-year-olds are glued to their tablets or smartphones. Consequently, they are open to the risks of the all-pervasive Internet world, from violent content to explicit material not suitable for their tender age. It is therefore not surprising that millions of parents install apps that help them monitor and sieve content accessed by their children, and even keep a tab on their location. However, as a recent study* has shown, they could be paying a heavy price for it by jeopardizing private data. While giving parents perceived control over their child’s browsing habits, those apps could be leading them into a ‘parent trap.’

Privacy concerns arising from parental control apps have so far been overlooked by organizations recommending the use of such apps, including some European and other national security centers. Dozens of such popular apps with combined downloads exceeding 20 million in the Google Play Store exist, thereby amplifying the privacy concerns manifold. Recognizing this lacuna in the extant literature, EPFL’s Carmela Troncoso and a group of researchers from IMDEA conducted the first in-depth study of the Android parental control app’s ecosystem from privacy and regulatory point of view.

After a thorough static and dynamic analysis of 46 apps from 43 developers, the researchers concluded that the apps demand more permissions than the top 150 apps in the Google Play Store; and the alarming or hazardous nature of the permissions increases with every new release. The study found that 34% of the apps collect and share personal information without user consent and 72% of the apps share data with third parties.

In many ways, the threat to privacy from some parental control apps is similar to that from spyware. Troncoso, head of the Security and Privacy Engineering Lab (SPRING) at EPFL’s School of Computer and Communication Sciences (IC), expressed her surprise at the extensive presence of surveillant libraries in parental control apps and said, “With some of the apps you can’t look at anything on your phone without information being sent to the backend server.”

The study, which has won the “Prize for the research and Personal Data Protection Emilio Aced” given by the Spanish data protection agency (AEPD), raises a potent question: Does the use of parental control apps justify the dangers arising from the collection and processing of private data? The researchers hope that the study serves as a wake-up call for both parents as well as regulators on the risks associated with these apps. They also call for a security and privacy analysis to help parents download and use an app that protects their data privacy to the maximum extent possible.

* Feal, Álvaro & Calciati, Paolo & Vallina-Rodriguez, Narseo & Troncoso, Carmela & Gorla, Alessandra. (2020). Angel or Devil? A Privacy Study of Mobile Parental Control Apps. Proceedings on Privacy Enhancing Technologies. 2020. 314-335. 10.2478/popets-2020-0029.

Pdf accessible here.