A South Korean child-monitoring smartphone app that was removed from the market two years ago when it was found to be riddled with security flaws has been reissued under a new name and still puts children at risk, researchers say.
The app "Cyber Security Zone" is part of government efforts to curb what authorities consider excessive mobile phone use by young people.
Parents are required by law to install monitoring software on smartphones for all children 18 and under.
The app is almost identical to a previous system, "Smart Sheriff", which left children's private information vulnerable to hackers, according to internet watchdog Citizen Lab at the University of Toronto.
Both were developed under the auspices of MOIBA, the industry association for South Korean mobile phone service providers.
"The flaws in the apps open the door to possible breaches of sensitive information including passwords, phone numbers, and other user data," Citizen Lab said in a statement.
"Smart Sheriff" was one of a family of apps intended to monitor children's online behaviour. Some, like Smart Sheriff, act as filtering or blocking tools, while others send alerts to parents if children swear or talk about sex or bullying.
The apps have raised privacy activists' hackles, but experts have also been scathing about their lack of security.
Cure53, a German auditing firm, said in 2015 that Smart Sheriff was "fundamentally broken".
Citizen Lab and Cure53 now say the app appears to have been rebranded as "Cyber Security Zone" - the equivalent of putting a fresh coat of paint on a dangerous old clunker.
MOIBA denied the two systems were the same and an official of the group said a review by the government's Korean Internet & Security Agency found security for "Cyber Security Zone" satisfactory.
KISA officials who looked at the Citizen Lab report said their agency's audit failed to catch at least one security lapse: the app's developer had not encrypted a key to the password.
That stemmed from the app's design.
.
