Surveillance Disguised as Protection: A Comparative Analysis of Sideloaded and In-Store Parental Control Apps

• URL: http://arxiv.org/abs/2504.16087v1
• Date: Sat, 08 Mar 2025 00:22:20 GMT
• Title: Surveillance Disguised as Protection: A Comparative Analysis of Sideloaded and In-Store Parental Control Apps
• Authors: Eva-Maria Maier, Leonie Maria Tanczer, Lukas Daniel Klausner,
• Abstract summary: Sideloaded parental control apps fall short compared to their in-store counterparts.<n>Three apps transmitted sensitive data unencrypted, half lacked a privacy policy and 8 out of 20 were flagged for potential stalkerware indicators of compromise.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Parental control applications, software tools designed to manage and monitor children's online activities, serve as essential safeguards for parents in the digital age. However, their usage has sparked concerns about security and privacy violations inherent in various child monitoring products. Sideloaded software (i. e. apps installed outside official app stores) poses an increased risk, as it is not bound by the regulations of trusted platforms. Despite this, the market of sideloaded parental control software has remained widely unexplored by the research community. This paper examines 20 sideloaded parental control apps and compares them to 20 apps available on the Google Play Store. We base our analysis on privacy policies, Android package kit (APK) files, application behaviour, network traffic and application functionalities. Our findings reveal that sideloaded parental control apps fall short compared to their in-store counterparts, lacking specialised parental control features and safeguards against misuse while concealing themselves on the user's device. Alarmingly, three apps transmitted sensitive data unencrypted, half lacked a privacy policy and 8 out of 20 were flagged for potential stalkerware indicators of compromise (IOC).

Related papers

• VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents [74.6761188527948]
  Computer-Use Agents (CUAs) with full system access pose significant security and privacy risks.<n>We investigate Visual Prompt Injection (VPI) attacks, where malicious instructions are visually embedded within rendered user interfaces.<n>Our empirical study shows that current CUAs and BUAs can be deceived at rates of up to 51% and 100%, respectively, on certain platforms.
  arXiv  Detail & Related papers  (2025-06-03T05:21:50Z)
• An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives [46.995904896724994]
  This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps. Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps. We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
  arXiv  Detail & Related papers  (2024-02-21T13:53:25Z)
• On the conformance of Android applications with children's data protection regulations and safeguarding guidelines [3.8029070240258687]
  Even apps designed for children do not always comply with legislation or guidance. This lack of compliance could contribute creating a path to causing physical or mental harm.
  arXiv  Detail & Related papers  (2023-05-15T09:46:56Z)
• Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
  We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
  arXiv  Detail & Related papers  (2023-04-06T05:20:16Z)
• Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps [37.9973848341402]
  We propose an automated system named ATPChecker to analyze whether the Android TPLs meet privacy-related regulations. Our findings remind developers to be mindful of TPL usage when developing apps or writing privacy policies.
  arXiv  Detail & Related papers  (2023-01-29T04:04:13Z)
• SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
  Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset. Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data. We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
  arXiv  Detail & Related papers  (2022-03-29T02:56:40Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• "Money makes the world go around'': Identifying Barriers to Better Privacy in Children's Apps From Developers' Perspectives [28.40988446675355]
  The industry for children's apps is thriving at the cost of children's privacy. These apps routinely disclose children's data to multiple data trackers and ad networks. We used a mixed-methods approach to investigate why this is happening and how developers might change their practices.
  arXiv  Detail & Related papers  (2021-11-29T15:27:55Z)
• Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps [25.30364629335751]
  We present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. Third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law.
  arXiv  Detail & Related papers  (2021-09-28T13:40:32Z)
• Saudi Parents' Privacy Concerns about Their Children's Smart Device Applications [0.0]
  Our results show that Saudi parents expressed a high level of concern regarding their children's privacy when using smart device apps. Parents' concerns are not in line with most of the children's installed apps, which contain apps inappropriate for their age, require parental guidance, and request access to sensitive data such as location.
  arXiv  Detail & Related papers  (2021-05-28T07:20:50Z)
• Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions [0.0]
  We present an experimental framework for systematically evaluating security and privacy issues in parental control software and hardware solutions. Our analysis uncovers pervasive security and privacy issues that can lead to leakage of private information, and/or allow an adversary to fully control the parental control solution.
  arXiv  Detail & Related papers  (2020-12-11T17:06:00Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.