Parents told to beware of hidden dangers in kids’ smartphone and tablet apps

20 Dec 2012

Kids are going gaga for smartphones and tablet computers this Christmas, but a security expert has warned that parents need to be wary of apps that are capable of gathering data about their children.

Dermot Williams, the managing director of Threatscape, pointed to an investigation that has been launched by the Federal Trade Commission in the US into how apps are violating the privacy and rights of children, describing the marketplace for mobile apps as a “digital danger zone” with inadequate oversight.

Out of 400 apps designed for kids that were examined by the FTC, most failed to inform parents about the types of data that the app could gather and who could access it.

The FTC also reported that mobile apps can siphon data to “invisible and unknown” third parties that could be used to develop a detailed profile of a child without a parent’s knowledge or consent.

Digital danger zone

“The line between genuine apps and Trojan apps – those designed to compromise your phone, defraud you or steal your data – is fairly black and white and well understood,” Williams explained.

“However, there is less awareness about potentially undesirable actions of regular apps such as how many fail to disclose the amount of personal data they are gathering, where they are transmitting it, or what it will be used for.

“Some 97pc of the apps examined by the FTC, accounting for 99pc of downloads, are free. Just how are these developers making money? Are their revenue generation methods appropriate for kids apps?

“In the online world, if you are not paying to use a product such as an app or website, then you probably are the product. It is by advertising or selling data to third parties that these companies make money. When apps lie, phones spy – which is especially inappropriate, even sinister, when it comes to apps targeted at children,” Williams said.

What the bad guys are looking for

Williams’ comments echo views expressed by another Irish-based security expert Paul C Dwyer at the Digital Rights Forum debate on privacy in May of this year.

Dwyer warned that smartphones, in particular, present a serious risk to privacy and safety. “The average Angry Birds game on an iPhone sends 650 requests to a mobile network every hour. The same game on an Android phone sends 2,500 or so requests. Why? Because it is taking down ads and chewing up your data service and bandwidth.”

More dangerous, Dwyer said, are the type of apps out there that are free. “Targeted at certain demographics these apps are used to sell location details of children to paedophiles and this was for sale within free games. It’s an uncomfortable subject but this is happening.

“Every single piece of information about you has value to the bad guys.”

He said smartphones are in effect mini computers and malicious code is being inserted into text messages and free games. “The dangers are that you could get stuck with a child porn infection on your device or fall victim to SMS fraud. Some 35pc of traffic on Twitter is capable of causing virus downloads, according to Irish company Adaptive Mobile,” Dwyer warned.

Tips on protecting kids using mobile apps this Christmas

Threatscape’s parental guidelines for mobile apps are as follows:

Be involved in your child’s app selection – Explain to your child that even ‘free’ apps can actually carry a risk to their privacy or personal safety, or a hidden financial cost.

Read the small print –Mobile apps often do not warn you in advance that they gather data, display adverts, etc. But some do – so read the small print carefully.

Permit with caution –Read app permissions carefully so consider carefully whether the permissions requested seem reasonable and necessary for the nature of the app being installed.

Discourage jailbreaking and unapproved app stores –Downloading from the official sources is much safer than using third party app sites which cannot be accessed by iPhones unless you ‘jailbreak’ them, as these often contain dangerous apps or pirated versions of genuine apps which have had malicious features added to them.

Research app reputation online – If you are uncertain about an app, research it online to see if others have raised concerns about it

Download count is not a safety indicator –Just because an app has been downloaded by a large number of users – and popular free apps often have millions of users – that is not a reliable indicator that all of its actions are appropriate or welcome.

Lock down purchasing – create a parentally guarded password for access to app stores and in-app purchasing

Watch for unexpected charges – In-app purchases will show up on your credit card bill, and premium SMS costs will show up on the mobile bill for your child’s bill. Watch for any expected charges.

Install security software – Install a mobile security app (popular free ones include Norton and Lookout) as they are able to recognise and block many of the most malicious ‘trojan’ apps.

Install phone updates – From time to time, flaws in mobile operating systems are discovered and free updates are released to prevent hackers or malicious apps exploiting them.

Family computing image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years