Surveillance Disguised as Protection: A Comparative Analysis of Sideloaded and In-Store Parental Control Apps
Eva-Maria Maier, Leonie Maria Tanczer, Lukas Daniel Klausner
TL;DR
The paper scrutinizes sideloaded versus Google Play Store parental control apps, revealing that sideloaded tools often provide broader monitoring at the cost of weaker safeguards, privacy policy clarity, and encryption practices. Through static APK analysis, policy review, and network traffic assessment on 20 sideloaded and 20 store apps, the study finds higher overreach in permissions and potential stalkerware indicators among sideloaded apps, alongside inconsistent policy coverage and transparency. The work highlights systemic risks to children’s privacy, calls for safety-by-design standards, regulatory action, and coordinated disclosure to mitigate misuse and data exploitation in the sideloaded app ecosystem. This research thus informs policymakers, developers, and parents about the privacy and security gaps in sideloaded parental-control software and the urgent need for robust governance as app distribution channels evolve.
Abstract
Parental control applications, software tools designed to manage and monitor children's online activities, serve as essential safeguards for parents in the digital age. However, their usage has sparked concerns about security and privacy violations inherent in various child monitoring products. Sideloaded software (i. e. apps installed outside official app stores) poses an increased risk, as it is not bound by the regulations of trusted platforms. Despite this, the market of sideloaded parental control software has remained widely unexplored by the research community. This paper examines 20 sideloaded parental control apps and compares them to 20 apps available on the Google Play Store. We base our analysis on privacy policies, Android package kit (APK) files, application behaviour, network traffic and application functionalities. Our findings reveal that sideloaded parental control apps fall short compared to their in-store counterparts, lacking specialised parental control features and safeguards against misuse while concealing themselves on the user's device. Alarmingly, three apps transmitted sensitive data unencrypted, half lacked a privacy policy and 8 out of 20 were flagged for potential stalkerware indicators of compromise (IOC).