Flaw in Facebook’s Messenger Kids app let unapproved strangers enter chats

Sourced from: http://digitalmarketingmagazine.co.uk/digital-marketing-news/flaw-in-facebook-s-messenger-kids-app-let-unapproved-strangers-enter-chats/5037

A design flaw in the kids app for under-13s has allowed unauthorised users to be part of group chats.

Launched in 2017, Messenger Kids was made for children to interact with one another once a parent (or guardian) approves the friendship.

However a design flaw in the app has made it possible for unapproved users to be part of group chats and interact with the young users.

On a normal one-on-one chat, conversations can only be initiated with users who have been approved by the child’s parents. However when a group chat is created, the user who launched it can invite any user that was authorised to chat with them, even if that user has not been authorised to chat with others in the group. This consequently has led to thousands of children chatting to unauthorised users.

Facebook has been quietly alerting thousands of users stating:

“Hi [PARENT],

We found a technical error that allowed [CHILD]’s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]’s parent-approved friends. We want you to know that we’ve turned off this group chat and are making sure that group chats like this won’t be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We’d also appreciate your feedback.”

No official statement has been made, however the company confirmed that it had started notifying parents of Messenger Kids account users about the error.

“We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety”.

James Steyer, founder and chief executive of Common Sense said, “Facebook Messenger Kids is just the latest example of a Facebook product that poses unknown privacy risks to parents and users”.

Leave a Reply

Your email address will not be published. Required fields are marked *