- Cybernews analyzed 10 Android companion apps for kids’ robotic/AI toys and reported that half of all declared permissions are considered dangerous according to Android guidelines.
- The investigation found third-party trackers in 7 of the 10 apps they examined.
- Researchers also detected two ads, two profiles, and a location tracker as part of their investigation.
As families increasingly embrace AI-powered toys, security companies are sounding the alarm about what this means for privacy in a post-LLM world.
Modern AI toys incorporate LLM models, allowing users, including children, to talk to and otherwise interact with them, and grant unprecedented access and permissions that allow them to easily collect sensitive data if a bad actor were involved.
cyber news It recently examined 10 toys from various brands and found that many had excessive app-level permissions, which could expose them to abuse or data collection.
Why is an AI toy also a privacy problem?
Most users tend to grant permissions to Android apps on a whim without reading the fine print, but that could have extended to another frontier: AI toy apps.
cyber news A recent study, which focused on 10 different Android companion apps for kids (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket), found that they all requested permissions classified as “dangerous” by Android.
All 10 apps required precise location access, which isn’t worrying in itself, as they do need it to search for their corresponding toys via Bluetooth Low Energy (LE), but the permission requirements go much further.
Up to six required access to microphones, five requested access to the camera, and eight requested Bluetooth scanning capabilities. You could argue that some of the toys require them to work, but some of them are used in some way against the regulatory updates made by the FTC to the Children’s Online Privacy Protection Rule.
The rules that strengthened “key protections for children’s online privacy,” according to then-FTC Chair Lina M. Khan, limited data retention, required consent for advertising directed to children, and required disclosures to prevent data abuse.
This hasn’t stopped AI toys from creating behavioral profiles of their target users, as Cybernews found trackers in 7 of the 10 apps it analyzed. While most of them were related to crash reporting and analytics, two of the apps had advertising and profiling trackers, and one of them (Loona) also had a location tracker.
This could go against data minimization regulations at a time when the world is already grappling with a social media ban for children under 16 in the UK, following in the footsteps of Australia.
“Data minimization for children’s apps is essential. The onus is on both developers to request fewer permissions and minimize sensitive trackers, and on parents to take more control over the technology available to their children,” the researchers said.
“Unlike adults, children are less likely to understand what data is collected, how it may be used, or the privacy implications of sharing it.”
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
