Making kids apps cyber safe
Online safety underlies all Get Digital’s five basic digital skills. In an age where most children have a smartphone, what can we do to ensure apps made for them are safe?
A couple of weeks ago, I helped judge the national Apps for Good Award, a competition where school kids pitch apps that solve proper problems. The finalists are set to battle it out today at London’s Barbican Centre.
There were loads of brilliant ideas and, with the help of professional developers and marketers, the winner is set to walk away with a fully developed app. Capgemini, who sponsor the award, kindly hosted the judging session at their London offices.
Children growing up today are what you call digital natives. They know how to use networked technology from the get go and most have iPhones, tablets, laptops — some even from as young as three years old! When I was a kid, the only technology I had until about the age of ten was my brother’s hand-me-down GameBoy. If I wanted to trade my Pokémon, I’d have to find another friend with the same device and a connection cable (always tempermental) to network our ancient devices which would allow our oddly-named creatures to pass through the wire’s knackered fibres. On some unfortunate occations the connection would drop mid trade, meaning my level 47 Hitmonchan would be gone forever — lost in transmission to the ether!
As children, my generation — I’m 25 — could barely concieve of WiFi, 4G or blutooth. Wireless, networked technology was something we only saw in science fiction, but here we finally have it — an easy, reliable way of transferring data from one machine to another. So there I was, sitting in a room (and clearly the youngest of twenty or so IT industry bods) reviewing app ideas from a generation who were actually born into a world of these technologies.
It was impressive to see so many examples of kids thinking like real business people. Anyone who has made a business pitch knows how difficult it can be to present an idea that is both feasible and interesting. The kids had prepared marketing and content plans, done their research on target audiences, coded their own prototypes, ID’d data streams and even shot and edited brief videos for the short pitch. Many of the ideas were about helping children overcome mental health problems and disabilities using networked digital content and functionality. The experience really demonstrated to me that children understand the power of technology to transform lives.
Shortly after we started, a lady sat down opposite me and introduced herself as Kiran Bhagotra, founder of ProtectBox — a cyber security startup that helps SMEs customise their digital defenses. We both said how exciting it was to see kids solving real world problems.
A little later she and I got chatting about how developers of apps for children should be ensuring personal information is secure from cyber attacks and exploitation. Children — especially those with mental health issues — are vulnerable to cyber criminals, so how can we keep them safe when using these kinds of apps?
Our conversation made me think about Tech Partnership’s basic digital skills drive, Get Digital, and the importance of ensuring kids and their parents have the necessary skills to stay safe online. Our super-networked world is full of online nasties and traps so we should make sure everyone using technology — and most importantly, children — have the skills to spot them and the tools to stop them. At the very least, that means knowing how to safely manage personal data, talk to each other, pay for stuff, produce content and verify information when online.
Personal cyber security is now a necessity. It goes without saying that if kids are using apps then parents (and even teachers) should be teaching certain precautions to their children and demanding appropriate safety features from app developers. But what precautions? What features?
Now, I’m no expert on cyber security so I asked Kiran for some help.
Kiran, apps often ask users for and store personal data. What are the tell-tale signs that an app is vulnerable to attack?
Unwanted downloads: “If you’re aggressively (unpromptedly) asked to download another app or install a Flash Player update, or claims that a virus infects your computer, something dodgy could be going on. Don’t click on any buttons, don’t install anything as much as you instinctively feel you should. Check the security that you would normally trust first to see if they’re right.”
Email alerts: “If you’re emailed to your personal or work email address by an app, rather than being alerted in the app itself then think twice and check. Apps, in the main, do not send links or ask for details or money outside of the apps themselves. Rarely through your emails — or your protected data as it is seen now — so check that the source is valid. It’s not much more than an email to the app’s customer service or action fraud to ask them if they sent that request.”
Permissions: “If you’re repeatedly prompted to change or update access permissions that the app has to your data, just double check what you’re changing and — I know it’s tough to find the time to do it — dig through your settings to the privacy ones to see what permissions you can actually de-select or not give permission and still use the app. Access settings should be set when you download the app and not typical for them to be updated again repeatedly.”
What can parents do to help keep children safe when using apps?
Public Wi-Fi: “Ideally get them to only access apps over mobile network rather than on public Wi-Fi, as it’s harder to exploit vulnerabilities on mobile networks — though it is still possible.”
“With home or private Wi-Fis, as much as is possible only share access info with family and friends that you trust to be responsible with the info. Or diarise the time to change the access info regularly, instructions to change come with routers and are simple. First time is a bit of a chore but becomes habitual after the first few months.”
“I’m mid forties so I feel like a complete dinosaur when it comes to this, made me feel better Matt that in your mid 20s you feel some of the same. Last one, which probably the hardest is to be a part of your children’s technological upbringing. Share and enjoy their experiences of technology. In a recent conversation with a friend who was trying to decide which languages were best for his kids, I said how about making them tri-lingual with a coding language (basic one like PHP or Java), English — or one of the Anglo-Saxon languages as grammatically they’re similar structures — and then a symbols or cyrillics based phonetic language.”
What security protections should parents demand from app developers who market products to children?
Security by Default: “Children cannot use the app without a basic level of security (or risk) awareness having been evidenced (consensus-devised checklist not regulation) before sign-up is granted.”
Better (societal) security generally: “So many of the apps we judged — which I agree with Matt could’ve been put together by serial entrepreneurs due to their rigour and professionalism — were extensions of equivalent apps for adults. To some degree the originals (for adults) needed to have been more secure for the children to extend them properly.”
Regulation or legislation: “There are already so many UK networks promoting coding at school, as mentioned in my talk at the Royal Holloway, University of London’s WISDOM (Women in Security Domain (and)/Or Mathematics) group, trying to achieve a mid-ground between the two. I’d love to know what you’d prefer, let me know at firstname.lastname@example.org.
“Best advice that I can share (to quote a well-known security blogger) is that “If you didn’t go looking for it, don’t download it!” Trust your instincts, the ‘dark side’ (or ‘dark web’ or ‘deep web’) are counting on you double guessing yourself…don’t, trust yourself!”
These are all great points. While many are common sense it helps reinforce why it’s so important that children are taught these basic skills.
← Here’s a great short video to remind ourselves what children should by wary of when using the internet-enabled software.
By Matthew Oliver, Tech Partnership