Kids’ gadgets are big business these days, but parents should be aware of potential risk factors: Out of nine tablets marketed toward children, many of them have been found to inadequately safeguard the personal account information on the device, including photos.
Children’s tablets tend to have the same hallmarks: a colored, rubberized case to protect against damage, special management software to separate accounts for children and guardians, and kid-focused media, including apps and games. Additionally, information stored on children’s tablets is subject to privacy laws like the Children’s Online Privacy Protection Act (COPPA), designed to stop the collection and tracking of children’s data.
Bluebox Labs analyzed the safety and trustability of none Android-based devices, identified potential risk factors and rated each one. Shockingly, the research, shared with Infosecurity, found that all devices were susceptible to at least three vulnerabilities (Futex, ObjectInputStream and BroadAnywhere.
And, more than half of the tablets shipped with a security backdoor (access to a program that bypasses security mechanisms), allowing root access to the device. This gives privileged control to the Android device's sub-system.
All but two devices had third-party app stores pre-installed.
“A child-focused third-party app store could be beneficial as it specializes in children’s apps, meaning the apps could potentially be safer,” Bluebox noted. “However, not all third-party app stores are created equal and the apps made available on some of the stores could be at risk for stealing you or your child's information.”
“When evaluating the software on the tablets, we discovered that for the most part, applications were adhering to COPPA laws,” Bluebox said. “Most applications were using developer analytics libraries such as Flurry, Google Analytics and Crittercism, which collect device information, but do not reveal personal information about the tablet users.”
However, the firm said that two of the management software vendors, Zoodles and Nabi, were sending personal information and pictures (which were provided when creating user profiles) to the backend.
“This information (including photos) was easily accessible and unencrypted without authentication from their cloud storage provider,” Bluebox noted.
Overall, the trust scores for children’s Android tablets were low; the scores range from 0 to 10, with 10 equaling “trustable” (zero or very few security risks). Only one tablet managed to break above a 5 while the average came in just below a 4. The lowest was a 2.7.