- Cybernews analyzed 10 companion Android apps for children’s AI/robot toys and reported that half of all declared permissions are considered dangerous according to Android guidelines
- The study found 3rd party trackers in 7 out of the 10 applications they examined
- Researchers also discovered two advertisements, two profiling and one location tracking as part of their investigation
With AI toys increasingly being adopted by families, security firms are sounding the alarm about what this means for privacy in a post-LLM world.
Modern AI toys incorporate LLM models that allow users, including children, to talk to and otherwise interact with them, and provide unprecedented access and permissions that enable them to easily harvest sensitive data if a bad actor was involved.
Cyber news recently examined 10 toys from different brands and found that many had excessive application-level permissions, which could expose them to abuse or data collection.
Why is an AI toy also a privacy issue?
Most users tend to grant permissions to Android applications on a whim without reading the fine print, but that may have extended to another frontier entirely: AI toy apps.
cybernews’ a recent study which focused on 10 different Android companion apps for children (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi and AIBI Pocket) found that they all asked for permissions classified as ‘dangerous’ by Android.
All 10 applications required precise location access, which isn’t a concern in itself, as these need it to search for their corresponding toys using Bluetooth Low Energy (LE), but the permission requirements go much further than that.
As many as six requested access to microphones, five requested camera access and eight requested Bluetooth scanning capabilities. One could argue that these are required by some of the toys to function, but some of these are used in some capacity in relation to the regulatory updates the FTC made to the Children’s Online Privacy Protection Rule.
The rules, which strengthened “key protections for children’s privacy online,” according to then-FTC Chairman Lina M. Khan, limited data retention, required opt-in consent for targeted advertising to children and required disclosures to prevent data misuse.
This hasn’t stopped AI toys from building behavioral profiles of their target users, as Cybernews found trackers in 7 of the 10 applications it analyzed. While most of these were crash reporting and analytics related, two of the applications had advertising and profile tracking, and one of them (Loona) also had location tracking.
This could run afoul of data minimization regulations at a time when the world is already grappling with a ban on social media for under-16s in the UK, following in Australia’s footsteps.
“Data minimization for children’s apps is critical. The onus is on both developers to request fewer permissions and minimize sensitive trackers, and on parents to take more control over the technology available to their children,” the researchers said.
“Unlike adults, children are less likely to understand what data is collected, how it can be used, or the privacy implications of sharing it.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
