ST Explains: Can Mobile Guardian read my messages?
Sign up now: Get ST's newsletters delivered to your inbox
The Ministry of Education said Mobile Guardian would be removed from students’ devices after a cyber-security breach.
ST PHOTO: KUA CHEE SIONG
Follow topic:
SINGAPORE – A cyber attack on Mobile Guardian’s platform has disrupted lessons for tens of thousands of students with school-issued iPads and Chromebooks, with some students losing years’ worth of notes.
On Aug 5, the Ministry of Education (MOE) announced that the app would be removed from all students’ devices
The Straits Times explains what Mobile Guardian does, and what data it potentially has access to.
Q: What is Mobile Guardian?
A: Developed by a South African firm of the same name, Mobile Guardian is a device management app (DMA) that polices and restricts users’ access to apps and websites on a range of devices, including smartphones, tablets and laptops.
It is one of two DMAs – the other being one by American software firm Blocksi – used by 181 MOE secondary schools.
Using these DMAs, school administrators can remotely monitor device usage and browsing history, enforce security policies and control app installations and settings.
Parents can set screen time limits and block social media apps and YouTube content. The location of the device can also be tracked.
Mobile Guardian is supported on Google’s Android and ChromeOS, and Apple’s iOS and macOS devices.
Q: Can Mobile Guardian read my messages?
A: Mobile Guardian monitors browser histories, filters and controls web access, and allows device location tracking.
But it accesses data differently on Apple and Google devices – the former offers tighter privacy controls.
For instance, Mobile Guardian allows Live Screen Views on Android devices. This feature allows teachers to see what content students are browsing on the screens of those devices. If students are messaging one another, the content can be viewed. The Live Screen Views feature is not available on Apple devices.
Q: What information does Mobile Guardian collect?
A: According to its website, Mobile Guardian collects the personal information of each user on a school-managed device.
Personal details include the student’s name, e-mail address and device details. Schools can also link students to specific teachers or classrooms, and include identification from third-party services like Google to increase customisation for students and track students’ interaction with school resources.
When students log in to their personal devices with their school-managed accounts, Mobile Guardian can monitor their location and browser history. It can also track chat records, and device and activity history to help administrators monitor device use and ensure it is in line with school policies. It does not collect contact list information.
The app may collect data on student performance, including grades and attendance, which helps track academic progress.
It can also track the user’s geographic location while the device is active, for device management and security purposes, Mobile Guardian said on its website.
MOE said earlier that the students’ learning devices will capture data on their online activities
Q: What can I do to protect my data?
A: In an advisory on Aug 5, Singapore’s Cyber Security Agency (CSA) urged individuals and organisations to back up their data regularly. Backing up of data can be done using removable storage devices such as USB drives, internal hard drives, cloud storage or printed copies. CSA recommends at least two different backup methods to ensure that data is kept safe.
The Straits Times understands that data backup is handled by different MOE schools’ information technology departments in different ways.
Some schools have automated daily data backup to the schools’ cloud systems for every issued device, while some coursework may require students to save copies of their work on their devices or on apps such as Goodnotes.
Data generated using Goodnotes can be saved in Dropbox or Google Drive, or by syncing the app with iCloud. However, users must turn on the feature as it is not turned on by default.
Experts said students can send themselves copies of their work via e-mail as a good way of backing up their schoolwork if they run out of options. Students can also opt to use a third-party site like Google to save their notes.
Q: When did MOE start to use Mobile Guardian?
A: MOE awarded a tender in 2020 to Mobile Guardian, which holds the ISO27001 certification, an internationally recognised standard for information security management systems. The app is also used by 2,500 schools in more than 50 countries worldwide.
Blocksi was rolled out in the same year.
MOE had said in 2020 that as part of Singapore’s National Digital Literacy Programme, all secondary school students would have their own personal learning devices by the end of 2021. Students received their personal learning devices with a DMA installed.
Q: What is Mobile Guardian’s history of data protection?
A: In April, an unauthorised individual gained access to a support account on Mobile Guardian’s management portal,
This hack affected about 67,000 parents and 22,000 school employees across 127 schools
Mobile Guardian’s management portal is used for administrative purposes like providing technical support, and the portal has access to a user’s name, e-mail address, time zone and school name, and whether a user is a parent or a staff member, he said.
MOE had asked Mobile Guardian then to appoint a forensic investigator to evaluate its systems and processes, and give recommendations to prevent a recurrence.
On Aug 4, another global cyber-security breach involving Mobile Guardian,
In late July, technical issues were reported by students in at least five secondary schools in Singapore. Students reported being unable to access their iPads, where they had their school notes, assignments and worksheets stored.
Other problems students faced included not being able to connect to Wi-Fi and receiving an error message: “Guided Access app unavailable. Please contact your administrator.”
These issues were separate from the cyber-security breach, MOE said, and were due to human error in configuration by Mobile Guardian.
Correction note: This article has been edited for clarity.
