Security researcher Alexis Hancock discovered multiple security and privacy issues with the Dragon Touch KidzPad Y88X, a children’s tablet.
The tablet, which had traces of the Corejava malware, ran an outdated version of Android, included pre-loaded software classified as malware and “potentially unwanted,” and featured an outdated version of the KIDOZ app, a children’s app store with data collection practices. Despite reporting the issues to Dragon Touch, Hancock received no response. The tablet was available on Amazon and Walmart, with over 1,000 reviews on Amazon. Amazon is investigating the claims, and Walmart removed the listing pending a review by its Trust and Safety team.
The Dragon Touch KidzPad Y88X, a children’s tablet, was found to have multiple security and privacy issues by security researcher Alexis Hancock. Despite being listed as “certified” on the official Android website, the tablet contained malware traces of Corejava malware, ran an outdated Android version, and included pre-loaded software considered malware and “potentially unwanted.” The tablet also had an outdated version of the KIDOZ app, a children’s app store with data collection practices. Hancock, who kept the tablet but made privacy changes before returning it to her daughter, emphasized that parents should not have to take such measures to protect their children’s privacy.
In conclusion, the security and privacy issues identified in the Dragon Touch KidzPad Y88X highlight the challenges and risks associated with internet-connected devices designed for children. This raises concerns about the overall security standards and certification processes for children’s products. As the market for these devices continues to grow, there is a pressing need for manufacturers to prioritize robust security measures, ensuring that parents and their children can trust the safety and privacy of these technological tools without having to resort to extensive technical interventions.
