- Cybernews analyzed 10 Android companion apps for kids’ AI/robotic toys and reported half of all declared permissions are considered dangerous by Android guidelines
- The investigation found 3rd party trackers in 7 out of the 10 applications they examined
- Researchers also detected two advertising, two profiling and one location tracker as part of their investigation
With AI toys becoming increasingly adopted by families, security firms are ringing the alarm about what this means for privacy in a post-LLM world.
Modern AI toys incorporate LLM models, allowing users, including children, to talk to and otherwise interact with them, and granting unprecedented access and permissions that enable them to harvest sensitive data with ease if a bad actor were involved.
Cybernews recently examined 10 toys from various brands and found that many had excessive permissions at the application level, which could expose them to abuse or data harvesting.
Why is an AI toy also a privacy concern?
Most users tend to grant permissions to Android applications on a whim without reading the fine print, but that might have extended to another frontier altogether: AI toy apps.
Cybernews’ recent study, which focused on 10 different Android companion apps for children (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket), found that all of them asked for permissions classified as ‘dangerous’ by Android.
All 10 applications required precise location access, which isn’t concerning on its own, since these do need it to search for their corresponding toys using Bluetooth Low Energy (LE), but the permission requirements go much further than that.
As many as six required access to microphones, five requested camera access, and eight requested Bluetooth scanning capabilities. One could argue that these are required by some of the toys to function, but some of these are used in…
