LONDON - The most widely used child surveillance app in South Korea is being quietly pulled from the market after security specialists raised serious concerns about the program’s safety.
Moon Hyun-seok, a senior official at the Korea Communications Commission, told The Associated Press that Smart Sheriff has been removed from the Play Store, Google’s software marketplace, and that existing users are being asked to switch to other programs. Smart Sheriff’s maker, an association of South Korean mobile operators called MOIBA, did not return a message seeking comment.
Smart Sheriff’s disappearance is awkward news for South Korea’s effort to keep closer tabs on the online lives of its youngest citizens.
A law passed in April requires all new smartphones sold to those 18 and under to be equipped with software that parents can use to snoop on their kids’ social media activity. Smart Sheriff, the most popular of more than a dozen state-approved apps, was meant to keep children safe from pornography, bullying and other threats, but experts say its abysmal security left the door wide open to hackers, putting the personal information of some 380,000 users at risk.
Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code. In a pair of reports published in September, Cure53 described the app’s security as “catastrophic.” Citizen Lab, which is based at the University of Toronto’s Munk School of Global Affairs, said the problems could lead to a “mass compromise” of all users.
MOIBA said in response then that the vulnerabilities had been dealt with in the six weeks preceding publication of the reports, but the researchers said in new reports published Sunday that fixes were mainly cosmetic, “akin to putting a lock on a few of the doors but then leaving the keys to the locks outside,” Anderson said.
It was unclear precisely why or exactly when the government decided to pull Smart Sheriff from the Play Store or whether it plans to cut off users who wish to keep the app installed despite the security concerns.
Cure53’s Mario Heiderich said the program still appears to be working for existing users, and AP could find no announcement about the development on the Smart Sheriff website Sunday.
Heiderich said it wasn’t his place to say whether it was right to mandate the installation of monitoring apps on children’s phones. But he said South Korea’s implementation of the surveillance regime was disastrous.
“If you are going to do it at all, you have to do it right,” he said. “And this was not done right at all.”
Anderson worried that the surveillance apps Smart Sheriff’s users are being asked to migrate to may have similar security issues.
“How do we know that any of these other apps are not similarly exposed?” he said.