- CyberNews analyzed 10 Android companion apps for children’s AI/robot toys and reported that half of all declared permissions are considered dangerous by Android guidelines
- The study found third-party trackers in 7 of the 10 applications examined.
- The researchers also detected two advertisements, two profilings, and one location tracker as part of their investigation.
As AI toys increasingly enter homes, security companies are sounding the alarm about what this means for privacy in a post-LLM world.
Modern AI toys incorporate LLM models that allow users, including children, to talk and interact with the toys, giving them unprecedented access and permissions that can easily collect sensitive data if malicious actors become involved.
cyber news We recently investigated 10 toys from various brands and found that many had excessive privileges at the application level, potentially exposing them to abuse and data collection.
Why are AI toys also a privacy issue?
Most users tend to grant permissions to Android applications on a whim without reading the details, but that could extend to a completely different realm: AI toy apps.
cyber news A recent study focused on 10 Android companion apps for kids (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket) and found that all of them request permissions that are classified as “risky” by Android.
All 10 applications required access to precise location information, which is fine in and of itself as it is required to use Bluetooth Low Energy (LE) to search for compatible toys, but the permission requirements are much more complex than that.
Six requests requested microphone access, five requests for camera access, and eight requests for Bluetooth scanning capabilities. While some may argue that these are necessary for some toys to function, some of these are used in some way in violation of the FTC’s updated rules for the Children’s Online Privacy Protection Rule.
The rules, which would strengthen “important protections for children’s privacy online,” would limit data retention, require opt-in consent for targeted advertising to children, and require disclosures to prevent data misuse, said FTC Chair Lina M. Khan at the time.
This didn’t stop the AI toy from building behavioral profiles of its target users, as CyberNews found trackers in seven out of ten applications analyzed. Most of these were related to crash reporting and analytics, but two of the applications had advertising and profiling trackers, and one (Loona) also had a location tracker.
This could run afoul of data minimization regulations, at a time when the world is already grappling with banning social media for children under 16, with the UK following Australia.
“Data minimization is essential in children’s apps. The onus is on both developers to request fewer permissions and minimize sensitive trackers, and parents to have more control over the technology available to their children,” the researchers said.
“Unlike adults, children are less likely to understand what data is collected, how it will be used, and the privacy implications of sharing their data.”
Follow TechRadar on Google News and Add us as a preferred source Get expert news, reviews, and opinions in your feed.
