Daycare apps are insecure surveillance dumpster-fires

Apps are like software, only worse.

6 min readJun 23, 2022

A line of kindergartners horsing around in a toddler-sized institutional bathroom, looking into the mirror. Out of the mirror is the glaring eye of HAL 9000 from 2001: A Space Odyssey. The kids’ reflection is color-inverted, and their reflected, inverted faces are traced with facial recognition geometry lines. Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en German Federal Archives (modified) https://

When my EFF colleague Alexis Hancock signed her baby up for daycare, she was told that she had to download a childcare management app — to monitor and specify “feedings, diaper changes, pictures, activities, and which guardian picked-up/dropped-off the child.”

https://www.eff.org/deeplinks/2022/06/daycare-apps-are-dangerously-insecure

This was during the lockdown, and the app was a way to comply with social distancing and contact tracing rules, but it was also designed to help with “separation anxiety of newly enrolled children and their anxious parents.”

Alexis wasn’t the only EFFer with a newborn encountering these apps. Being a digital privacy and security expert, she and her colleagues started to pick apart these apps and seek dialogue with the companies that made them. They discovered a nightmare of bad security practices, worse privacy practice, and yawning indifference to the digital wellbeing of very small children and their parents.

First of all, there was the matter of account security. When Alexis and co started looking into these apps, they all shared a glaring defect: none of them implemented two-factor authentication, “one of the easiest ways to increase your security.”

Daycare apps are insecure surveillance dumpster-fires

Apps are like software, only worse.

Written by Cory Doctorow