Security flaws prevalent in daycare monitoring apps

Significant security vulnerabilities have been discovered in widely used daycare and childcare communications apps, The Verge reports. Two-factor authentication was lacking in popular apps, including Brightwheel, Tadpoles, and HiMama, an Electronic Frontier Foundation report revealed. The findings also showed that the apps allowed data sharing with Facebook and other third-party platforms even if such data use was not detailed in their respective privacy policies. "I found trackers in a few apps. I found weak security policy, weak password policies. I found vulnerabilities that were very easy to fix as I went through some of the applications. Really just low hanging fruit," said EFF Certbot Director of Engineering Alexis Hancock, who conducted the study. Brightwheel has already adopted 2FA after being notified by the EFF while such a feature is under consideration at HiMama. However, Tadpoles has yet to express the intention to proceed with 2FA adoption. The EFF study comes after over two-thirds of children-friendly apps were found to be sharing personal data with the advertising sector.