- Cybernews analyzed 10 Android companion apps for children’s AI/robotic toys and reported that half of all reported permissions are considered dangerous by Android guidelines.
- The investigation discovered third-party trackers in 7 of the 10 applications examined.
- Researchers also detected two advertisements, two profiles and a location tool as part of their investigation.
As AI toys become increasingly adopted by families, security companies are sounding the alarm about what this means for privacy in a post-LLM world.
Modern AI toys incorporate LLM models, allowing users, including children, to speak and interact with them, and granting unprecedented access and permissions that allow them to easily harvest sensitive data if a malicious actor were involved.
Cybernews recently looked at 10 toys from different brands and found that many of them had excessive app-level permissions, which could expose them to abuse or data collection.
Why does an AI toy also pose a privacy issue?
Most users tend to grant permissions to Android apps on a whim without reading the fine print, but this could have extended to another frontier: AI toy apps.
Cybernews A recent study, which focused on 10 different Android companion apps for kids (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi and AIBI Pocket), found that all requested permissions classified as “dangerous” by Android.
All 10 apps required location-specific access, which isn’t a concern in itself because they need it to search for their matching toys using Bluetooth Low Energy (LE), but the permission requirements go much further than that.
Up to six of them required access to microphones, five requested camera access, and eight requested Bluetooth scanning capabilities. It could be argued that some toys need them to work, but some of them are being used to some extent against regulatory updates to the FTC’s Children’s Online Privacy Protection Rule.
The rules that strengthened “key protections for children’s online privacy,” according to then-FTC Chair Lina M. Khan, limited data retention, required voluntary consent for targeted advertising to children, and required disclosures to prevent data abuse.
This hasn’t stopped AI toys from creating behavioral profiles of their target users, as Cybernews found trackers in 7 of the 10 apps analyzed. While most of them were related to crash reporting and analytics, two of the apps had advertising and profiling trackers, and one of them (Loona) also had a location tracker.
This could run afoul of data minimization regulations at a time when the world is already grappling with a ban on social media for children under 16 in the UK, following the example of Australia.
“Data minimization for children’s apps is essential. The responsibility falls both on developers to request fewer permissions and minimize sensitive trackers, and on parents to take greater control over the technology available to their children,” the researchers said.
“Unlike adults, children are less likely to understand what data is collected, how it may be used, or the privacy implications of sharing it.”
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
