- Cybernews analyzed 10 Android companion apps for kids’ AI/robotic toys and reported half of all declared permissions are considered dangerous by Android guidelines
- The investigation found 3rd party trackers in 7 out of the 10 applications they examined
- Researchers also detected two advertising, two profiling and one location tracker as part of their investigation
With AI toys becoming increasingly adopted by families, security firms are ringing the alarm about what this means for privacy in a post-LLM world.
Modern AI toys incorporate LLM models, allowing users, including children, to talk to and otherwise interact with them, and granting unprecedented access and permissions that enable them to harvest sensitive data with ease if a bad actor were involved.
Cybernews recently examined 10 toys from various brands and found that many had excessive permissions at the application level, which could expose them to abuse or data harvesting.
Why is an AI toy also a privacy concern?
Most users tend to grant permissions to Android applications on a whim without reading the fine print, but that might have extended to another frontier altogether: AI toy apps.
Cybernews’ recent study, which focused on 10 different Android companion apps for children (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket), found that all of them asked for permissions classified as ‘dangerous’ by Android.
All 10 applications required precise location access, which isn’t concerning on its own, since these do need it to search for their corresponding toys using Bluetooth Low Energy (LE), but the permission requirements go much further than that.
As many as six required access to microphones, five requested camera access, and eight requested Bluetooth scanning capabilities. One could argue that these are required by some of the toys to function, but some of these are used in some capacity against the regulation updates made to the Children’s Online Privacy Protection Rule by the FTC.
The rules that strengthened “key protections for kids’ privacy online,” as per the then-FTC chair, Lina M. Khan, limited data retention, required opt-in consent for targeted advertising to children, and required disclosures to prevent data abuse.
This has not stopped AI toys from building behavioral profiles of their target users, as Cybernews found trackers in 7 of the 10 applications it analyzed. While most of these were crash reporting and analytics-related, two of the applications had advertising and profiling trackers, and one of them (Loona) also had a location tracker.
This might run contrary to data minimization regulations at a time when the world is already grappling with a social media ban for children under 16 in the UK, following Australia’s footsteps.
“Data minimization for children’s apps is essential. Responsibility falls both on developers to request fewer permissions and minimize sensitive trackers, and on parents to take greater control over the technology available to their children,” the researchers said.
“Unlike adults, children are less likely to understand what data is being collected, how it may be used, or the privacy implications of sharing it.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Source link
#Experts #warns #toy #apps #kids #tracking #users #collecting #personal #data
