The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name – which is often just their name – and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.
This is malicious software, plain and simple. If you subvert the OS-level security to spy on someone, that’s the very definition of spyware. Shame on everyone involved with this.