Children's Tablet Has Malware and Exposes Kids' Data, Researcher Finds

An anonymous reader shares a report: In May this year, Alexis Hancock's daughter got a children's tablet for her birthday. Being a security researcher, Hancock was immediately worried. "I looked at it kind of sideways because I've never heard of Dragon Touch," Hancock told TechCrunch, referring to the tablet's maker. As it turned out, Hancock, who works at the Electronic Frontier Foundation, had good reasons to be concerned. Hancock said she found that the tablet had a slew of security and privacy issues that could have put her daughter's and other children's data at risk.

The Dragon Touch KidzPad Y88X contains traces of a well-known malware, runs a version of Android that was released five years ago, comes pre-loaded with other software that's considered malware and a "potentially unwanted program" because of "its history and extensive system level permissions to download whatever application it wants," and includes an outdated version of an app store designed specifically for kids, according to Hancock's report, which was released on Thursday and seen by TechCrunch ahead of its publication. Hancock said she reached out to Dragon Touch to report these issues, but the company never responded. Dragon Touch did not respond to TechCrunch's questions either. After TechCrunch reached out to the company, Walmart removed the listing from its website, while Amazon said it's looking into the matter.

Digital Daycare Dilemma

[Press2ToContinue]

So, Dragon Touch released a kids' tablet, the KidzPad Y88X, and it turns out it's teaching kids more about cybersecurity than ABCs. It's like saying, 'Here's your new tablet... and a free subscription to Hackers Weekly.' Remember the VTech hack? It's like we're in a sequel, but the plot hasn't improved. BCG says 93% of kids are online, facing more cyber threats than a sci-fi villain, and parents? They're still trying to figure out the TV remote. Tech companies, schools, and parents need to team up – it's like assembling an Avengers team for the digital world. Until then, it's every tablet for itself.

Re:Digital Daycare Dilemma

[Opportunist]

You're talking about parents who hand over their own personal information to antisocial media platforms, think influenzas are their friends and the crap they peddle are their real preferences and send money to Nigerian princes. You really expect them to give a fuck about their kids' privacy? As long as the rugrats shut up when they play with their toys (which are inherently safe because CLEARLY toys cannot be harmful, right?), they don't care.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[jonadab]

> On the older end, parents today were members of the Oregon Trail Generation (aka: Xennials).

I don't think you realize how old Oregon Trail is. Most of the people who have ever played it, have grandchildren. Some have *adult* grandchildren.

Re:

[Mononymous]

The first version of The Oregon Trail came out in 1971, but it's not likely the one you're referring to, since it ran on an HP 2100 minicomputer.
The one I played, which is also not likely the one you're referring to, came out in 1980 and ran on the Apple II.
The one you probably mean came out in 1985. I'm guessing not many teenagers were playing it, so probably no one born before 1973.
Certainly not all first-time grandparents are over 50, but I'd say most are.

Re:

[jonadab]

The Apple version is the one everyone in my generation played; and yes, a lot of people played it as teenagers, because that's when we were first able to get non-trivial amounts of computer time. Elementary schools, back then, had 1-2 computers per building, on carts. Your teacher could schedule a day to have it in the classroom, and during seat-work time each student would get about five or maybe ten minutes on it, usually playing something like Monster Math, which could reasonably be played in that amou

Re:

[Mononymous]

The 1980 version didn't actually say "Oregon Trail" anywhere. The menu and title screen called it OREGON (no lower case on the orgiinal Apple II).
Hunting was much more rudimentary than the arcade-like experience of the 1985 version everyone's nostalgic for. A deer ran slowly across the screen, and you had to push space bar at the right moment for slow-moving buckshot to hit it.
I've never played the 1985 version, with dysentery, floating wagons, and customizable headstones, but it's the only one people talk

Re:

[jonadab]

> Hunting was much more rudimentary than the arcade-like experience of
> the 1985 version everyone's nostalgic for. A deer ran slowly across the
> screen, and you had to push space bar at the right moment for slow-moving
> buckshot to hit it.

I don't remember any hunting, or any animation, in the version I played. Maybe I just didn't encounter that part of the game? The experience I remember involved it asking you a series of questions (like, how many rifles do you want to buy, how many pounds of

Re: Digital Daycare Dilemma

[drinkypoo]

Well, no. The first versions I played on the Apple ][+ and //c had lowercase lettering but no hunting minigame. You input how many bullets you wanted to use hunting and it told you how many pounds of meat you got. It wasn't until later that they added the press space to shoot thing. My elementary school had two apples in the library and about 15 or 20 in a classroom.

here lies andy; peperony and chease

[Joe_Dragon]

here lies andy; peperony and chease

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[jonadab]

> What years were you in elementary school?

I started kindergarten in 1980.

> BASIC programming

I had 9 weeks of that, in seventh grade, but it was Applesoft BASIC, which was pretty rudimentary (e.g., variable names were no more than two characters in length), and the instruction was very rudimentary (only the most basic flow control, no nested loops, no complex data structures, no complex decision making) and there were two of us at each computer, and I got paired with a kid with a more foreceful person

Re:

[Chaset]

I am most familiar with the Apple II version played at school. I don't know if it existed on anything older, but I bet the Apple II and C64 versions far outsold any older versions. I think versions were made well into the 90's.

In any case, myself and my cohorts are nowhere close to the "adult grandchildren" age. What version are you thinking of that far predates the Apple II era?

Re:

[jonadab]

I think I'm remembering mostly Apple //c and //e (once I even saw an Apple III, when I was in junior high; I saw my very first Macs when I was in high school; they were Mac Plus), and there are people roughly my age who have adult grandchildren (though it's not the norm; those are the people who started having kids when they were in high school).

But I didn't get the impression that Oregon Trail was new when I played it.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[jonadab]

Ah, so my youngest sister's generation then. Just slightly too young to be 100% Gen X (most of whom didn't get internet until we went to college), and just slightly too old to be 100% Millennials (who mostly don't remember very much from before they got internet). I wasn't aware there was a name for it.

Still waiting to see what we end up calling the first generation who don't remember pre-COVID times. I'm looking forward to explaining how handshakes used to work in Western cultures. I wanna see the look

Re:

[Powercntrl]

Xennial here. I was actually one of the students helping out the other students get through their "hello world" coding assignment on Apple IIe computers, because most of my peers were completely baffled at the basics of operating a computer back in the early 90s.

That being said, if you're a Xennial and had children in your 20s, you're likely the parent of an adult or at the very least a teenager, at this point. So you're probably past buying cheap kiddie tablets for them and they're on to things like "Hey

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[jenningsthecat]

That said, I wouldn't expect a non-IT professional to know how to respond to the more serious cyberthreats out there, but I would expect most folks of child rearing age these days to be comfortable enough with technology to remain aware of how their children engage with it.

I can see parents being aware of their kids' activities on social media, but I think the majority of them are pretty naive about the gaping security flaws often baked in to some piece of shiny new tech that they bought from even a 'reputable manufacturer' just yesterday.

You only have to look at all the 'smart' appliances that continue to fly off the shelves to conclude that the vast majority, regardless of generation, either don't know or don't care much about privacy, security, or personal control over th

Re:

[Murdoch5]

The reality is keeping data safe and private is nearly impossible, and if your kids go to school or daycare, just forget about it. We keep hearing about “Keep kids safe”, “Privacy is important”, “I care about privacy”, but then we sell data to the lowest bidder, and usually give it away for free.

Windows has a literal keylogger running! That's not some crazy tinfoil hat uncle idea, they tell you about it: “Ink & Typing”. Should we look at the location

Re:

[HiThere]

You are assuming everyone is the same. It's quite reasonable for various individuals and a few organizations to claim that they care.

Re:

[Murdoch5]

Apart from a typo, I said almost anyone (almost anything). That doesn't mean no one cares, but it does mean very limited people care or are willing to do anything about it. If you have kids, ask their teachers to get rid of any Closed Source, Closed Audit, locked down, violating software and hardware, and see if they are even willing to approach the fight.

I know most boards pick the software and hardware stacks, but if the teacher won't even take it up, they don't care. Ask the school executives, and g

Re:

[DesScorp]

The reality is keeping data safe and private is nearly impossible, and if your kids go to school or daycare, just forget about it. We keep hearing about “Keep kids safe”, “Privacy is important”, “I care about privacy”, but then we sell data to the lowest bidder, and usually give it away for free.

"You have Zero privacy anyway. Get over it." - Scott Mcnealy, Sun Microsystems, all the way back in 1999. Maybe he was a prophet and not just an asshole, because, as you said yourself, the biggest enemy of privacy online tends to be ourselves, giving away info for this or that social media service that's "free".

Re:

[Murdoch5]

A great example that happened 2 weeks ago, a hospital sent me a link for a portal to see information about an upcoming CT scan. I couldn't fully read the license, due to some weird bug where it would jump to the top of the page when you hit 1/2 while scrolling. Since I couldn't read the license, I declined the service, and OH BOY, was that fun!

The hospital REFUSED to give me an appointment confirmation or details verbally, insisting I had to use the online platform. Since I hadn't actually accepted, I

Re:

[MDMurphy]

I don't have kids so no direct experience with handing over an internet-connected device for them to do who knows what. But it was for a young child I would not have set it up for anything to be "hacked" that mattered to begin with. Besides the various permissions various devices ask for, I only use accounts that are appropriate for the device. The only network resources they have access to in the home are read-only for that account.
For all the different TV and entertainment devices I have a -TV account I

Re:

[Darinbob]

"But Mom!!!!! If you take my tablet away, I won't be able to get any of that money from my invisible Nigerian prince friend."

Dragon Touch turning all your data over to the CCP

[Joe_Dragon]

Dragon Touch turning all your data over to the CCP

CCP = Chinese Communist Party

Good learning experience?

[Tablizer]

"Mommy, a Nigerian Prince stole my tooth-fairy money!" sniff sniff

Re:

[Powercntrl]

Seems like a missed opportunity for a more established children's brand: Fisher-Price My First Malware

Sounds like

[ArchieBunker]

Almost every Android device. Unless you buy an expensive flagship model it’s gonna have an outdated OS and sketchy apps you can’t remove. My work phone is a Samsung and it’s always installing new random games and nonsense from either Samsung, Verizon, or google.

Not every Android device.

[Mal-2]

I've got a tablet from 2016, running Android 7. It has never once installed anything I didn't specifically request. There are a few Google apps that I have chosen to deny permission to, as I don't use them, but they're not third-party apps. If you still consider them "sketchy" then you are expecting a lot more than I am.

I came into the discussion to point out that tablets with versions of Android from five years ago are still quite common. Most phones tend to get treated in ways such that they're not going

Re:

[Powercntrl]

I recall reading some article about generic Android TV "Kodi" boxes from Amazon and IIRC every single one of them had preloaded malware.

Re: Sounds like

[drinkypoo]

Samsung is trash.

Putting aside their amazingly flammable hardware, their app store is problematic in every way and you can't remove their bundled apps.

Dragon Touch's Non-Response

[Petersko]

"...but the company never responded. Dragon Touch did not respond to TechCrunch's questions."

What on God's green earth would give you the impression they would do otherwise? Given the rest of the content of this story, there was no reason to report that. The newsworthy thing would have been if they HAD replied.

Tone down the alarm

[MobyDisk]

Good security analysis, but the alarm level is overblown.

Things like "Runs a five-year old version of Android" may not matter too much. I had a tablet like this for my 5-year-old son. It could only run curated apps, had no browser, and only connected to Wifi when I logged-in as admin. AFAIK, it didn't even store the wifi password. The apps were like hangman, tic-tac-toe, memory, etc. This was the equivalent of giving a kid an old Windows '95 PC with some old preloaded games, and leaving the network cab