Facebook’s Messenger Kids app has a flaw which could expose kids to unauthorised users

2 min read

Unfortunately, this world is a horrible place where you simply can’t’ trust everyone n the internet. To ensure kids don’t fall victim to these undesirables who prowl on kids, Facebook has instituted measures that ensure kids are only allowed to chat with individuals approved by their parents, through its Messenger Kids app. A reasonable safeguard given the prevalence of sick people out there.

However, it turns out there is a bug in Facebook’s Messenger Kids app around the group chat feature which has led to the ability for kids to engage in conversation with people not approved by their parents and as a result, Facebook has decided to shut down group chats from this app until such a time as it gets resolved, as revealed in this message below that was sent out to parents (and revealed by The Verge):

We found a technical error that allowed [CHILD]’s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]’s parent-approved friends. We want you to know that we’ve turned off this group chat and are making sure that group chats like this won’t be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We’d also appreciate your feedback.

The bug apparently arose from the way Messenger Kids’ unique permissions were applied in group chats. In a standard one-on-one chat, children can only initiate conversations with users who have been approved by the child’s parents. However, those permissions become more complex when applied to group chats with multiple users involved. Whoever launches the group can invite any user who was authorized to chat with them, even if that user wasn’t authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users, a violation of the core promise of Messenger Kids.

It’s unclear how long this bug has been present in the app, which launched back in December 2017, but understandably the feature does need to be turned off while Facebook fixes it. Considering the app is design for kids under 13, it is subject to the Children’s Online Privacy Protection Act (COPPA), which this is in violation of. It’s unclear if the company will face any further fines as a result of this bug or if their actions following it being uncovered will be considered sufficient enough.

Last Updated: July 23, 2019

Check Also

Facebook to allow users to take control of the data they share – just not in South Africa

After years and years of misappropriating user data, it appears as if Facebook will finall…