Hugely popular family tracking app leaked locations in real time

One of the most downloaded family apps was found to have been leaking users’ locations online in real time.

In a major case of irony, an app designed to help parents see where their children are at any given moment for their protection could have allowed anyone to see where they were without needing access to a secure account.

According to TechCrunch, the Locator app designed by the Australian company React Apps was leaking the real-time locations of its nearly quarter of a million users for a number of weeks. Rather than keeping the location information on a secure server, the developers were storing it on an entirely unencrypted, easily accessible MongoDB server.

The discovery was made by security researcher Sanyam Jain, who is also a member of the non-profit GDI Foundation, which advocates for a safer and open internet. After reviewing the database, Jain found that each account record contained the user's personal information and a plaintext version of their password.

The records also included the locations of the account holders and their family members, with a precision down to just a few metres, as well as named coordinates for geofenced areas set up by parents that would alert them if their child were to stray from a given location. All of this data, Jain said, was unencrypted, and subsequent tests and correspondence with other users confirmed that their location was being uploaded to the open server within a matter of seconds.

TechCrunch’s attempts to contact React Apps provided no answers, with its website and privacy policy providing little, if any, information on its owners and office location. However, after the existence of the open server was brought to the attention of Microsoft, which hosted it on its Azure platform, it was quickly removed.

This isn’t the first time that the locations of a product’s users have been exposed for anyone to see, as last year a researcher discovered a bug in the LocationSmart website that allowed tracking of millions of phones.
