Latest in Gear

Image credit: Rawf8 via Getty Images

Family tracking app leaked real-time location data for weeks

It would have let intruders spy on a child's whereabouts.
517 Shares
Share
Tweet
Share
Save

Sponsored Links

Rawf8 via Getty Images

Family tracking apps can be very helpful if you're worried about your kids or spouse, but they can be nightmarish if that data falls into the wrong hands. Security researcher Sanyam Jain has revealed to TechCrunch that React Apps' Family Locator left real-time location data (plus other sensitive personal info) for over 238,000 people exposed for weeks in an insecure database. It showed positions within a few feet, and even showed the names for the geofenced areas used to provide alerts. You could tell if parents left home or a child arrived at school, for instance.

This wasn't helped by React's own issues with accountability. Its site had no contact information, and even its WHOIS record masked the email address. Messages through the feedback form turned up nothing. The database didn't go offline until TechCrunch asked Microsoft to reach the developer, who still hasn't said anything about the leak.

It's not clear if anyone beyond Jain or TechCrunch accessed the database.

While the data is safe for now, the incident illustrates a problem with tracking apps as a whole: it's difficult to verify that developers are securing your location info every step of the way. If they don't and there's a breach, it could lead to very real threats that could include physical danger.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
517 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
One of Linux's most important commands had a glaring security flaw

One of Linux's most important commands had a glaring security flaw

View
New leak shows Google’s Nest Mini comes with a wall mount

New leak shows Google’s Nest Mini comes with a wall mount

View
Harley-Davidson suspends LiveWire production over a charging glitch

Harley-Davidson suspends LiveWire production over a charging glitch

View
Uber lays off employees from Eats, self-driving cars and other teams

Uber lays off employees from Eats, self-driving cars and other teams

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr