APNewsBreak: South Korea pulls plug on child monitoring app
By RAPHAEL SATTER and YOUKYUNG LEE, Associated Press
Nov 1, 2015 8:54 PM CST
FILE - In this Thursday July 16, 2015, file photo, South Korean high school students play games on their smartphones on a bench on the sidewalk in Seoul, South Korea. The most widely used child surveillance app in South Korea is being quietly pulled from the market after security specialists raised...   (Associated Press)

SEOUL, South Korea (AP) — The most widely used child surveillance app in South Korea has been pulled from the market after security specialists raised serious concerns about the program's safety.

Moon Hyun-seok, a senior official at the Korea Communications Commission, told The Associated Press that "Smart Sheriff" has been removed from the Play store, Google's software marketplace, and that existing users are being asked to switch to other programs.

The government plans to shut down the service to existing users "as soon as possible," he said.

Smart Sheriff's maker, an association of South Korean mobile operators called MOIBA, declined comment.

Smart Sheriff's disappearance is a blow to South Korea's contentious effort to keep closer tabs on the online lives of its youngest citizens. Less than a year ago, the government and schools sent letters to students and parents to encourage them to download Smart Sheriff.

A law passed in April requires all new smartphones sold to those 18 and under to be equipped with software which parents can use to snoop on their kids' social media activity. Smart Sheriff, the most popular of more than a dozen state-approved apps, was meant to keep children safe from pornography, bullying and other threats, but experts say its abysmal security left the door wide open to hackers and put the personal information of some 380,000 users at risk.

Pulling the plug on Smart Sheriff was "long overdue," said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app's code.

In a pair of reports published in September, Cure53 described the app's security as "catastrophic." Citizen Lab, which is based at the University of Toronto's Munk School of Global Affairs, said the problems could lead to a "mass compromise" of all users.

MOIBA said in response then that the vulnerabilities had been dealt with in the six weeks preceding publication of the reports. But the researchers said in new reports published Sunday that the fixes were mainly cosmetic. Anderson said they were "akin to putting a lock on a few of the doors but then leaving the keys to the locks outside."

Mario Heiderich of Cure53 said it wasn't his place to say whether it was right to mandate the installation of monitoring apps on children's phones. But he said Smart Sheriff's implementation of the surveillance was disastrous.

"If you are going to do it at all, you have to do it right," he said. "And this was not done right at all."

Anderson said there was no guarantee that the other monitoring apps didn't also have security issues.

"How do we know that any of these other apps are not similarly exposed?" he said.

___

Satter reported from London.

___

Citizen Lab report on Smart Sheriff: https://citizenlab.org/2015/11/smart-sheriff-update

Cure53 report on Smart Sheriff: https://cure53.de/pentest-report_smartsheriff-2.pdf

MOIBA: https://www.moiba.or.kr

___

An earlier version of this story misspelled the last name of Mario Heiderich.