Group-IB experts conducted a comprehensive safety study of the new FamilyGo mobile app. The application combines the functions of a messenger and a GPS locator, which allows family members to track the location of each other, including children, in real-time.
In early December, FamilyGo entered the US market and is now available on the Google, Apple, Amazon, Samsung, and Huawei mobile app stores. As of November 2021, the total number of downloads across all platforms has exceeded 20,000 users, in Russia the number of users is close to 10,000.
According to FamilyGo forecasts, the global parental control software market will grow from USD 1 billion in 2021 to USD 2.2 billion in 2028. The GPS tracking market is growing at almost the same pace and is already evaluated at $3.4 billion, and thanks to this exponential growth Privacy and security issues are a top priority.
FamilyGo developers have paid a lot of attention to app security. Therefore, to encrypt messages, the Secure Messenger Signal encryption protocol (end-to-end encryption) is used.
Registration in the application by phone number is not mandatory – FamilyGo does not have access to users’ contacts, which cannot be identified by name or geographic location. And since there is no access to sensitive user data, there is no advertising and information gathering for marketing purposes.
To verify the security level of FamilyGo, its creators involved the IB-Group audit team.
Evan Korol, CTO of MyFamily 2.0 Inc. —As product developers, we wanted to test our application for vulnerability. The decisive factor in choosing a company for us was Grupo-IB’s experience in the international market, carrying out research based on standardized and generally accepted methods and, of course, the best quality-price ratio on the market. “
For a comprehensive analysis of the FamilyGo program, experts from the IB-Group Audit and Consulting Department conducted a security review of the mobile app on iOS and Android platforms. As a result, several vulnerabilities were discovered that allow access to certain user and session data, but only if the device is actually in the hands of an attacker.
After Group-IB experts received a detailed technical report on the progress of testing, a description of detected vulnerabilities and recommendations for minimizing potential security threats, the developers of MyFamily 2.0 Inc. Eliminate all these shortcomings immediately. Subsequently, the IB group auditors reassessed and confirmed the correct implementation of their recommendations.
Andrei Brizgin, Head of Group Audit and Consulting – IB, summarized the work carried out: “Measures to improve application security were correctly implemented, and all significant vulnerabilities discovered during the study were eliminated.” – I’d like to highlight the developers’ commitment to creating a truly secure application and their desire for continuous improvement as a process.
The messenger functionality also aims to increase the physical security of users and it is encouraging to see that the developer sees the need to guarantee the security of sensitive data, which is essential to guarantee the declared functionality and trust in the application.
In MyFamily 2.0 Inc. Confirm that after the audit carried out by Grupo-IB, the company plans to continue working with the objective of continuously improving the security of the service.