0411 GMT April 06, 2020
The decision to decommission 'Smart Sheriff' complicates the enforcement of South Korean rules which require new smartphones sold to those 18 and under to be equipped with surveillance software. Although the app was meant to keep children safe from pornography, bullying and other threats, experts say the app's sloppy security put the personal details of hundreds of thousands of children at risk, Physorg reported.
Moon Hyun-seok, a senior official at Korea Communications Commission, said that the app has already been removed from the Play Store, Google's software marketplace, and that existing users are being asked to switch to other programs.
Smart Sheriff's maker, an association of South Korean mobile operators called MOIBA, did not return a message seeking comment on the removal of its product.
Smart Sheriff acts as a kind of baby sitter for smart phones, alerting parents to how much time their kids are spending on the devices, flagging objectionable words and blocking access to unsavory websites. Researchers at Internet watchdog group Citizen Lab and German software auditing firm Cure53 say Smart Sheriff also leaves the door wide open to hackers, allowing easy access to the personal details of some 380,000 young users.
In a pair of reports published September, Cure53 described the app's security as 'catastrophic'. Citizen Lab, which is based the University of Toronto's Munk School of Global Affairs, said the problems could lead to a 'mass compromise' of all Smart Sheriff accounts.
MOIBA said in response that the vulnerabilities had been dealt with in the six weeks preceding publication of the reports, but the researchers said in a new report published Sunday that fixes were inadequate.
"It'd be akin to putting a lock on a few of doors but then leaving the keys to the locks outside," said Collin Anderson, an independent researcher who has been collaborating with Citizen Lab.
It was unclear precisely why or exactly when the government decided to pull Smart Sheriff from the Play Store or whether it plans to cut off users who wish to keep the app operational despite the security concerns.