A Design Flaw From Facebook Lets Kids Chat With Unauthorized Users

Facebook built its Messenger Kids around a simple principle: children should not be allowed to chat/ talk with users who have not received approvals from their parents. However, a design flaw on the platform is abling users to bypass that protection, allowing kids to participate in group chats which are full of unapproved strangers.

Since the flaw was detected, the company has been shutting down the mentioned group chats quietly. They have also been alerting users about this. However, they haven't yet made a public statement on this matter. The alert that they issued to users is as follow:

Facebook has confirmed that this message is authentic, and added that they had sent this message to many users recently to warn them about the "technical error".

How does it work?

This bug comes from the method that Messenger Kids application applies for its unique permissions onto group chats. With the normal 1-on-1 chat, the system only allows the kid to start conversations with users approved by their parents.

But it became much more complicated when applying to the group chat because there are many different users in one group. The authorised users could start a group chat and could invite anyone into the group. Thus an unauthorised user can chat with the children in that group. Finally, many children went into group chats full of unauthorised users, that is a clear violation of this app's promise.

It is still unclear how long this bug has been on Messenger Kids. Facebook launched the app with the features for group chat back in December of 2017.

A sensitive matter

This design flaw is very sensitive. Mostly because this app was made for kids under 13-year-olds. Therefore it is subjected to the COPPA (Children’s Online Privacy Protection Act). Recently, certain privacy groups have accused the app of violating this Act by harvesting user data. This new design flaw only further fuels those concerns.