Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

New app has teachers concerned due to lack of user verification

published on 2023-06-22 14:10:59 UTC by philviles
Content:

A new app entitled W is being discussed amongst teachers about how it operates with seemingly very little jurisdiction or control. In this blog, our Digital Media and Communications Officer Phil Viles shares a post from a concerned teacher at his child’s school, and delves into W himself.

At a school in Derbyshire, which shall remain anonymous, a teacher posted her concerns to parents about a new app that is becoming popular with students.

The information she shared, via an online specialist, is outlined below, and if you’re a parent of a child who owns a smartphone, you may want to read this.

The post reads..

“Over the last week I've had a couple of schools ask about an app called 'W'. I had to do a little bit of digging and there is very little information out there apart from the fact that it is an anonymous poll app. One of the polls given on the website home page is "Who thinks teachers are hot?". This immediately got my attention.

“So I decided to install the app onto my phone to investigate it further...and what I found is concerning. I inputted a false name and gave my age as 51, at which point the app used the GPS on my phone to show me all the primary and secondary schools in my local area, as well as how many students in those schools were signed up. The app then allowed me to connect to 'my school', as a 51 year old!! Notably, the primary schools seemed to have more users than the secondary schools.

“You are then invited to allow access to contacts on your phone (which I didn't do), at which point you can then start taking part in polls.

“The terms state that you have to be 13 to use the app. However, there are no age verification or assurance processes.

“The app only works with notifications turned on, and there are A LOT of notifications. Polls can be shared on Instagram and Snapchat (the website also refers to TikTok but that isn't available in the app).

“Without taking part in any polls, I was receiving notifications stating that someone had picked me in a poll. When you have completed a poll you are invited to play again, but you have to either wait an hour or invite friends, which means giving access to your contacts and sending an alert to others. This creates curiosity (what am I missing out on here?). It is persuasive design at its worst and is the means by which the company are gaining traction quickly.

“You can also send anonymous voice memos and create anonymous polls."

The post continued...

“At 11.50pm, on a Saturday evening, I got a notification stating: ‘this is the most active time for Year 8 students'.

“On their FAQ page, Slay (the developers from Berlin) state: ‘We only let friends, contacts and classmates vote for each other. Never strangers.’ Yet I was able to sign up to a school...as a stranger.

"‘We do not allow adults to join schools’, it continues. Yet I signed up as a 51-year-old and chose a school.

“I'm not sure what to make of this app just yet as there is so little data, but the signs are not good. As yet I'm not hearing of any specific concerns (other than those above), so if you do hear anything please share with other schools. You can view the app web page here: https://www.slay.cool/

Phil Viles, Digital Media and Communications Officer at the EMCRC, confirmed that the app is worrisome on inspection:

“Having read the account from one of the teachers at my child’s school, via an online specialist, I downloaded the app and discovered that what I had read was absolutely right. I chose my actual age of 45 and entered the app unchallenged. If this is an app for children, why is the age drop-down menu not capped? You can enter any age (apart from 12. Upon entering 12 you are warned you're not old enough to use the app. So why give the option?), and then choose any school in your area based on your GPS location. This is despite their terms clearly stating ‘We do not allow adults to join schools. We only let friends, contacts, and classmates vote for each other. Never strangers’. Yet there I was, a 45-year-old stranger accessing the app.
"On my second attempt at interrogating the app, I purposely entered false credentials. I entered a false name, Chris Forbes, and put my age as 17. Apart from 2FA which sends a 6-digit pin to your phone, there are no further checks. The site generated a username for me, I chose a school, and in I went. That’s as far as my interaction went as I was shocked I had gotten this far unchallenged and was able to vote on polls and interact as a fake profile. The very fact that entering false credentials gets you so far is very concerning.
"The website states: ‘SLAY is a positive-only app where users answer positive polls about others. We bring a breath of fresh air to the perception of young people and put positivity in the foreground. SLAY allows users to compliment their friends and be honest through anonymity. We provide a safe space for teenagers and young adults’.
"By allowing all ages to join, that statement of 'we provide a safe space for teenagers and young adults' instantly becomes totally null and void. When I lied about who I was and entered an age which was accepted by the app, there is no validation or verification process. At 45, I was posing as a 17-year-old with a false name with no questions asked, which, as I said, is even more worrying. I have since deleted the app”.

This app as relatively new, created in October 2022 by a group of developers in Berlin, so these may be teething problems. But they are problems whch the designers clearly need to work on.

Have you or your child used W? If so, we’d like to hear about your experience with the app via info@emcrc.co.uk.


Article: New app has teachers concerned due to lack of user verification - published over 1 year ago.

https://www.emcrc.co.uk/post/new-app-has-teachers-concerned-due-to-lack-of-user-verification   
Published: 2023 06 22 14:10:59
Received: 2023 06 22 15:28:06
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor