What is the problem?
Researchers from Avast have identified that GPS child trackers manufactured by Shenzhen i365 expose user information.
Researchers noted that around 50 GPS tracking mobile applications available on both Google Play and iOS App Store share the same unencrypted API platform.
“As you can see there are strong indicators that this issue goes far beyond the scope of one vendor. We found similar APIs being used by different applications also found models that are not being made by this particular vendor that is linked to this cloud infrastructure,” researchers said in their report.
On June 24, 2019, Avast researchers notified Shenzhen i365 about the vulnerabilities, however, they did not hear back from the vendor.
We have done our due diligence in disclosing these vulnerabilities to the manufacturer, but since we have not heard back after the standard window of time, we are now issuing this Public Service Announcement to consumers and strongly advise you to discontinue use of these devices,” Martin Hron, a senior researcher at Avast said.