Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's a difficult security model when the threat actor is a parent who presumably has access to the device and in an unlocked state along with permissions to install anything from anywhere. It's not like the threat actor realistically couldn't (with some effort) see everything the child was doing already just by asking so I don't really see this as a very good threat model.

Sure, Apple might prevent you from installing such applications on devices (though they offer monitoring app usage and websites for parental controls), but that's just because they have a walled garden that could disallow such apps and it's less clear how to weigh app freedom against user safety.

If you're worried about zero days, Android exploits are priced around the same as iOS exploits apparently so take that how you will.



It’s not a zero day. It’s insecure by design. There is a huge difference between parental control and snooping.

You really think you are going to ask a child what are they doing every second and what they talked about and they are going to tell the truth?

What’s stopping someone also from surreptitiously installing the same snooping software on another adult’s phone?

It’s not less clear. There is no reason to allow this type of software to be installed on a phone without a clear indication that it is on there.


If you own a device you can do whatever you want with it. Can you install surveillance cameras in your own home? If yes, then I don't know why you can't install surveillance software on your own device.


Without any indication that it’s on there? Would you feel the same way about an abusive partner installing software surreptitiously on their wife’s/husband’s phone?


> You really think you are going to ask a child what are they doing every second and what they talked about and they are going to tell the truth?

Of course not, but usually adults can force a passcode out (or take the device altogether) or force the child to sign in for them to see at regular intervals, in which case they can observe everything. I would agree that this is excessive for a parent to do, but clearly the parent you are talking about is already taking excessive measures.

> What’s stopping someone also from surreptitiously installing the same snooping software on another adult’s phone?

Presumably, an attacker will not have access to the device and not be freely given the password or access with the ability to install an app. If they do, then there's nothing stopping the attacker from just going through the phone. Installing a app without the person's knowledge would either require you to have inside access or have a zero day.

> It’s not less clear. There is no reason to allow this type of software to be installed on a phone without a clear indication that it is on there.

A lot of the permissions individually make sense and this software could just be composed by a significant number of them. I'm not sure exactly how the software you are referring to works and its scope, so I'll take a narrow example.

In the case of messages, users may legitimately want a different messaging app. If the adult just side loads an arbitrary SMS app, how is that supposed to be distinguishable to the OS whether the app additionally happens to sync these messages to a third party?

In the case of screen capture, that's a perfectly normal use case to stream your screen. Android does warn you when this is occuring.

Or for that matter, many Android devices permit side loading an entire OS. This could be used by the adult to basically bypass any restrictions on apps altogether. This has a completely legitimate use case. Should we block that as well?


Even if the parent “forces a passcode”, they can’t remotely listen in on conversations and see exactly what their child is doing at any given minute.

> Presumably, an attacker will not have access to the device and not be freely given the password or access with the ability to install an app.

Are you really unaware of what a jealous partner can do?

> A lot of the permissions individually make sense

In what world does a permission to “remotely monitor your screen and intercept your voice and hide that the app is installed make sense”?

> A lot of the permissions individually make sense and this software could just be composed by a significant number of them. I'm not sure exactly how the software you are referring to works and its scope, so I'll take a narrow example.

Maybe it’s a bad idea to allow a third party app to have access to your SMS messages especially seeing they are often used for 2FA?

> In the case of screen capture, that's a perfectly normal use case to stream your screen. Android does warn you when this is occuring.

And yet there are plenty of apps for Android that can do this surreptitiously…

You realize you aren’t making a great case for Android here don’t you?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: