Daycare apps are insecure surveillance dumpster-fires
Apps are like software, only worse.
When my EFF colleague Alexis Hancock signed her baby up for daycare, she was told that she had to download a childcare management app — to monitor and specify “feedings, diaper changes, pictures, activities, and which guardian picked-up/dropped-off the child.”
https://www.eff.org/deeplinks/2022/06/daycare-apps-are-dangerously-insecure
This was during the lockdown, and the app was a way to comply with social distancing and contact tracing rules, but it was also designed to help with “separation anxiety of newly enrolled children and their anxious parents.”
Alexis wasn’t the only EFFer with a newborn encountering these apps. Being a digital privacy and security expert, she and her colleagues started to pick apart these apps and seek dialogue with the companies that made them. They discovered a nightmare of bad security practices, worse privacy practice, and yawning indifference to the digital wellbeing of very small children and their parents.
First of all, there was the matter of account security. When Alexis and co started looking into these apps, they all shared a glaring defect: none of them implemented two-factor authentication, “one of the easiest ways to increase your security.”