Your kid isn't the customer- They are the crop

      Picture this: your child’s phone is locked down. Content filters on. Location tracking on. Parental control app proudly installed. You finally exhale — you’ve done the responsible thing.

      But there’s a problem almost no one talks about. The app guarding your child’s screen may also be quietly collecting, storing, and sharing their data — turning your child’s “safety” tool into another source of harvesting  surveillance and profit.  This isn’t a some 80's scare story. It’s how many of these apps are actually built to work.     

      Parental control apps are marketed as digital guardians. Offering parents peace of mind by protecting kids from online dangers and influences. But under the hood, many of these tools act more like spyware — harvesting extremely sensitive information and quietly feeding it into the machinery of the surveillance economy.

        Many user agreements openly admit that they sell your personal information. Others insist they don’t — until investigations later reveal that they’ve been quietly selling millions of records all along. source

What They Track.

Most parental monitoring apps go far beyond basic screen time limits and monitoring features. Here’s a sample of what many of them quietly collect:

• Real-time GPS location (updated as frequently as every few seconds)
• Complete SMS and app message logs (including deleted messages)
• Call history and contact lists Web history and search queries
• Photos and videos stored on the device
• Social media activity, including screenshots of Instagram, Snapchat, TikTok, and other apps
• Microphone and camera access, in some cases (under the guise of "emergency tools") This is the kind of invasive data extraction that would be illegal without consent — but because it's done under the pretense of “parental control,” it's given a free pass. (Source: DOI)

       Kids’ apps aren’t just “cute games”—they’re often miniature data pipelines.

 ⛔  An ABC (Australian Broadcasting Corporation)-reported audit of 186 Android kids’ entertainment apps found 59% contained “concerning” code that collected or shared children’s data, which means the privacy risk isn’t a rare edge case—it’s the default in a big chunk of the category.

⛔  A larger academic study (20,195 kids-targeting apps on Google Play) found 81.25% of “Family” apps embedded trackers that aren’t allowed for kids’ apps, and 4.47% still requested location permissions despite platform rules—exactly the kind of signals that enable profiling.

Industry measurement points in the same direction:

⛔  Pixalate reports 44% of likely child-directed apps request permissions that access personal information,

⛔  A later analysis found 53% of ad-enabled apps flagged as likely non-compliant requested sensitive permissions (e.g., location, camera, microphone), while 72% shared location data with advertisers.

⛔  And this isn’t new: PETS (Privacy Enhancing Technologies Symposium) research analyzing 5,855 popular free children’s Android apps documented recurring COPPA (Children’s Online Privacy Protection Act) risk patterns, including persistent identifiers and data flows that don’t match what parents think they’re consenting to.

Where the Data Goes.

     Here's where things get darker. Many of these apps don’t just collect the data and keep it between parent and child. They store it on corporate servers — and that data becomes a monetizable asset.

     Many parents who aren’t tech savvy and even those that are, will forget, not know, or downplay that the information gleamed from their children’s devices isn't directly linked to their (parents) phone. The information is first sent and saved onto a server, maybe in Minneapolis maybe in Belarus. The point and the worry is, computer security and personal security and your children's safety is in proportion to the competency and moral character of those handling the devices and software that collect all your family’s data to not to sell it or even worse use it against you.

The scary shit.

     A 2021 report by The Markup found that Life360, one of the most popular family tracking apps, was selling precise location data to dozens of data brokers. These brokers then resell it to advertisers, insurance companies, and even law enforcement. This isn't a bug — it's part of the business model. In fact, Life360 was described by one data broker as "one of the most valuable sources of data” (Source: Keegan and Ng 2021).

    Another app, Bark, has been praised for its AI-based alerts about bullying or self-harm. But even Bark’s privacy policy acknowledges it may “share personal information with third-party service providers and business partners.”

And then there’s mSpy, a widely used app that’s often installed without the child’s knowledge. It has a history of data breaches and has been flagged repeatedly by security experts for lax protections. One 2018 leak exposed thousands of user credentials and activity logs (Krebs 2018).ⁱⁱⁱ

The Data Is Forever

Parents might think, “I’m just checking on my kid — no one else will see this.” But the minute that data hits a server, it’s at risk of:

• Being resold
  
• Leaked in a breach
• Accessed by employees, contractors, stalkers, or foreign governments
• Used to build profiles for future advertising or insurance risk scores

    Hitting delete is like shaking your phone to get your steps in for the day.  It may make you feel better, but you really didn't do anything.   The app and the company may retain the data for months or even years. And your child’s browsing history, location, messages, and photos become just another data point in the global trade of behavioral profiling.

From Home to the Panopticon

    The terrifying irony is clear. Parents install these apps to protect their children from strangers online — while the app itself acts like a stranger watching from the shadows. The home becomes a testing ground for how we normalize surveillance: not just accepting it, but paying for it, enabling it, and calling it “good parenting.”

OK Khattab, Now what?

    If your parental control app is basically a commercial keylogger in a cartoon icon, the answer isn’t “find a slightly nicer spy.” It’s to rethink the whole setup.

Research keeps finding the same thing:   a lot of parental control apps are permission-hungry, quietly shipping sensitive data off the phone, and some “unofficial” ones behave like full-blown stalkerware—hiding on the device, transmitting data unencrypted, and offering call interception, remote screenshots, and message access.  (Source: USTP )

So the goal isn’t “find the perfect app.” It’s:

• Less spying.
• More guardrails.
• More honest conversations.

👍   Start by ditching stealth mode

  If an app:

• has to be side-loaded from some random website instead of a real app store,
• hides itself from your kid,
• offers call recording, microphone access, or “remote screenshots,” or
• proudly advertises itself as “undetectable,”

…that’s not “parental control.” That’s stalker-ware, and researchers are explicitly warning that these tools are ripe for domestic abuse and serious privacy violations. (Source: PET Symposium)

Delete it. Then tell your kid you deleted it. The repair starts there.

👍 Use built-in tools first (they’re boring, but usually less creepy)

Before you hand your data to a random start-up, squeeze as much as you can from what’s already on the device:

• Apple Screen Time (iOS / iPadOS)
  Lets you set downtime, app limits, content ratings, and communication limits inside Apple’s ecosystem.
• Google Family Link (Android / Chromebook)
  Lets you create supervised accounts, manage app installs, set bedtimes, and put basic limits on browsing and screen time.
• Console & platform controls (Xbox, PlayStation, Switch, etc.)
  All the big platforms have built-in family/child profiles and content filters. They’re not perfect, but they’re at least part of a regulated, visible system—not some sideloaded spy tool. MEXC

Pros:

• No sketchy third-party data broker in the middle.
• You’re mostly dealing with major companies that at least pretend to care about compliance and kids’ privacy.
  
  

Watch out for:

• You’re still feeding data to Apple/Google/etc.
• Defaults are not always “privacy-maximal.” Go into settings and turn off anything that screams “personalized ads,” “product improvements,” or “share diagnostics.”
  
  

👉 Shift from spying to blocking with network-level tools

     If your real concern is porn, gambling, or obviously dangerous sites—not reading your kid’s DMs—then you don’t need a surveillance app at all. You can filter at the network level:

• CleanBrowsing DNS Family Filter – Free DNS service that blocks adult content and enforces SafeSearch on major search engines and YouTube. Designed specifically for families and schools, and emphasizes privacy-respecting operation. CleanBrowsing Link

• OpenDNS FamilyShield – Free DNS from Cisco/OpenDNS that blocks adult sites and some malicious domains for everything on your home network. OpenDNS Link

You change the DNS settings on your router once, and every device using that Wi-Fi gets the same baseline protection—no per-child profile, no “let us read every message” tradeoff.

This doesn’t solve everything, but it:

• cuts down on obvious harms,
• doesn’t require you to install spyware on your kid’s phone, and
• keeps the “control” on hardware you own.

👉  If you must use a parental control app, choose the least-bad option

     Sometimes you genuinely do have a high-risk situation (self-harm, exploitation, court orders). If you end up using a monitoring app, treat it as a temporary medical device, not “the new normal.”

Here’s how to pick the least awful option:

Non-negotiables:

1. Only from official app stores.
   Studies comparing in-store vs sideloaded parental apps found sideloaded ones are dramatically worse for privacy—missing privacy policies, sending data unencrypted, and showing multiple stalkerware indicators. (Source: Pet Symposium) 
   
   
2. No stealth, ever.
   Avoid anything that hides the icon, disguises itself, or gives you “secret” access. Those are the exact behaviors researchers flag as abusive. (Source: University College London)
   
   
3. Clear, readable privacy policy.
   If you can’t quickly answer:

• What data do they collect?
• Who do they share or sell it to?
• Can I delete all data on request?
  …that’s a hard no. Mozilla’s Privacy Not Included guide literally teaches you how to scan policies for red flags. (Source:  Mozilla Foundation)

  4. No “we make money from your data.”

A recent analysis of kids’ apps found that about 60% ask for permissions unrelated to their basic function—location, microphone, contacts—exactly the stuff that fuels tracking and profiling.

  5. Minimal features, minimal data.
        Prefer tools that do:

• time limits
• app blocking
• basic web filtering
  …and don’t do:
• full message/keylogging
• microphone or call recording
• remote screenshots of everything on the device
  
  

How to sanity-check candidates without trusting the marketing page

• Run them through Mozilla’s Privacy Not Included – see if they’ve been reviewed or if similar products from the same company got a giant red flag. Mozilla Foundation+1
• Check Common Sense Media’s privacy ratings – they now score apps on privacy, not just content. Common Sense Media+3Common Sense Media+3Common Sense Media+3
  
  

If you end up with a mainstream name (Bark, Qustodio, etc.), treat it as “least-bad with guardrails,” not “safe by default,” and still lock down every privacy setting you can. (Source: TechRadar)

And whatever you pick: tell your kid exactly what it does and why you’re using it.

👉  Make a Family Tech Agreement instead of a secret file on your kid

The one “tool” that doesn’t show up in app stores:

• Sit down and write a Family Tech Agreement together:
• When and where phones are used.
• What apps are allowed.
• What happens if something goes wrong (bullying, nudes, strangers, etc.).
• When you might look at their phone—and how you’ll talk about it.

Common Sense Media and other orgs have age-based guides and templates you can steal shamelessly. Common Sense Media+2Common Sense Media+2

That doesn’t make predators or algorithms disappear, but it does something the apps can’t: it tells your kid, “I’m on your side, and I’m not secretly listening at the digital keyhole.”

👉Red-flag checklist: delete the app immediately if…

You can drop this as a callout box:

Delete any “parental control” app that:

• has no privacy policy or a copy-pasted generic one
• is only available by sideloading from a random site
• offers hidden/stealth mode as a headline feature
• intercepts calls, records audio, or captures all messages
• refuses to tell you how to delete your kid’s data

Because at that point, it’s not protecting your child. It’s making them a product.

TL;DR for parents

You don’t have to choose between “total surveillance” and “total chaos.”

• Start by removing covert spy-apps.
• Use built-in controls and network-level filters to handle the obvious dangers.
• If you truly need extra monitoring, pick something transparent, limited, and independently reviewed.
• Most importantly, replace silent tracking with loud conversations.

That’s the actual safety upgrade.

End Notes and References

i   Abdullah, Muhammad Naim, and Nurhafisah Baidilah. 2022. “CCMTV: Android Parental Spying Apps Utilizing Child’s Phone Camera and Microphone.” AIP Conference Proceedings 2617 (1): 040004. https://doi.org/10.1063/5.0119764

ii   Keegan, Jon, and Alfred Ng. 2021. “The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users.” The Markup, December 6, 2021. https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user

iii   (Maier, Tanczer, and Klausner 2025).ⁱ

i Maier, Eva-Maria, Leonie Maria Tanczer, and Lukas Daniel Klausner. 2025. “Surveillance Disguised as Protection: A Comparative Analysis of Sideloaded and In-Store Parental Control Apps.” arXiv, April 2025. https://arxiv.org/abs/2504.16087