AI toy apps for children request dangerous permissions and include third-party trackers

Plush toys are no longer all the rage – AI toys are taking over. AI toys use Large Language Models (LLMs), which allow children to interact and have conversations with them. While they can be useful for learning or fostering imagination, the apps that the toys require collect various sensitive data, ask for dangerous permissions, and include third-party trackers.

Cybernews researchers analyzed 10 Android companion apps for children (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket), and found that almost half of all permissions declared by these apps were classified as “dangerous” by Android. Third-party trackers were detected in most of the analyzed apps as well.

For each analyzed app, two public sources were used: the Google Play Store listing, which includes the “Data Safety” declaration and the expanded “App Permissions” list, as well as the corresponding Exodus Privacy report.

Miko app declared the most dangerous permissions (9), while SPIKE™ LEGO® Education declared the fewest dangerous permissions (3).
All 10 analyzed apps requested precise location access, 6 requested microphone access, and 5 requested camera access.
Third-party trackers were detected in 7 of the 10 apps.
Out of the 10 AI toy apps, 2 had profiling trackers, 2 had advertising trackers, and 1 had a location tracker.

All analyzed apps had dangerous permissions

Android categorizes different permission types based on the scope of restricted data that the app can access. Dangerous permissions are those that can access sensitive information like location, storage, camera and microphone.

On average, each analyzed AI companion app declared 17 permissions, of which 6 were classified as “dangerous”, with the Miko app taking the lead.

Miko has recently affirmed their commitment to child safety. However, Cybernews found that the Miko app not only has the most permissions, but 9 of them are dangerous, including location information and camera access.

mBlock had 9 dangerous permissions, and the AIBI Pocket robot app had 8.

Aside from permissions, 7 of the 10 analyzed apps also contain trackers, which can track behavior related to analytics, crash reporting, user profiling, or advertising. While you can deny permissions, trackers operate without requiring consent. They are embedded in the app's code as third-party SDKs, and they start working the moment you open the app. Miko also leads here with 8 trackers.

All analyzed AI toy apps request precise location access

All 10 AI toy apps requested precise location access, which, according to Android, can determine a user's location within approximately 50 meters (160 feet). One app, Loona, also requests background location, allowing it to track location even after the user closes the app.

8 of 10 apps requested Bluetooth scan and connect permissions, 6 requested microphone access, and 5 requested camera access.

While some permissions may be necessary for the toy to function properly, requests for precise location, camera access, and other sensitive permissions raise questions about data minimization in apps designed for children. This question has been raised before, and last year, changes were made to the Children’s Online Privacy Protection Rule.

These changes included requiring opt-in consent for targeted advertising and other disclosures to third parties. After the changes, online service operators and websites that fall under COPPA are required to obtain parental consent for children's data disclosure to third-party companies.

Some apps are building behavioral profiles of users

Trackers were found in 7 of the 10 analyzed apps. The most common trackers were analytics and crash reporting. Analytics trackers collect data related to how people use the app (screen visits, interactions, session duration), and crash reporting trackers are for capturing diagnostic data.

Advertising, profiling, and location trackers are more privacy-sensitive. Advertising trackers (present in 2 apps) involve third-party data sharing and measure ad effectiveness. Having advertising trackers in children's apps makes them a commercial target from the moment the app is opened. Profiling trackers (present in 2 apps) can be used to build detailed profiles based on a user's behavior, interests, and demographics.

Loona app also has a location tracker – the only one of the 10 analyzed apps to have one. Together, these trackers may collect information beyond what is strictly necessary for the toy's core functionality.

Children’s apps should prioritize data minimization

Children have moved on from Barbie dolls, Build-a-Bears, and plushies – they can now have conversations with toys. And not only do some of these toys share explicit and inappropriate information with children, but, according to Cybernews researchers, they also create consumer profiles of children and ask for precise location, among other dangerous permissions.

“Data minimization for children's apps is essential. Responsibility falls both on developers to request fewer permissions and minimize sensitive trackers, and on parents, to take greater control over the technology available to their children. Unlike adults, children are less likely to understand what data is being collected, how it may be used, or the privacy implications of sharing it,” Cybernews researchers say.

Methodology

A sample of 10 Android companion apps for AI and robotic toys for children was assembled. For each app, two public sources were used: the Google Play Store listing, from which the developer-declared “Data safety” table, the expanded “App permissions”, downloads, content rating, version, and last update date were taken; and the corresponding Exodus Privacy report.

The Exodus Privacy report analyzes the Android Package Kit (APK) and reports both embedded tracker Software Development Kits (SDKs) and the full list of declared permissions with Android Open Source Project (AOSP) protection levels. Comparing these sources allows researchers to see if information is disclosed correctly or is under-declared.

Each permission was tagged with its AOSP protection level using the official Android Manifest permission reference. Each tracker was tagged with one or more categories as Exodus reports them. The Play "Data safety" declaration was compared against the Exodus and permissions evidence and tagged as Consistent, Under-declared, or Over-declared for each app.