Malware Discovered in Kids’ Tablet steals sensitive data

In the ever-expanding market of Android devices, the allure of budget-friendly options can sometimes conceal unforeseen risks. 

Purchasing Android devices from online platforms like Amazon offers varying price points but also exposes consumers to potential security hazards.

For her birthday, Alexis Hancock’s daughter received a tablet designed specifically for children. Given her profession as a security researcher, Hancock’s initial reaction was one of concern over the potential security risks associated with the device.

The Dragon Touch KidzPad Y88X has been found to contain traces of widely known malware, which poses a potential threat to the security of the device. Furthermore, this tablet runs an outdated version of Android that was first introduced five years ago.

Additionally, the device comes pre-installed with other software that is known to be harmful to the tablet’s performance and security, thus compromising the user’s experience.

Dragon Touch KidzPad Y88X 10
Dragon Touch KidzPad Y88X 10

Factors such as shared manufacturing facilities, lax security standards in component selection, and inadequate scrutiny from vendors contribute to the prevalence of malware in budget devices. 

Upon closer examination, Hancock observed that the Dragon Touch tablet came under intense scrutiny, which shed light on the presence of possible malware and obsolete parental control applications.

The Enigma of “Stock Android

Understanding the issue necessitates unraveling the concept of “stock Android.” 

Despite being open-sourced by Google, the Android operating system undergoes customization by manufacturers, leading to variations in security and features. 

This tablet’s compromise included the presence of Core Java malware directories, emphasizing the inherent risks associated with budget Android devices.

Surprisingly, the investigation uncovered a close connection between the infected Dragon Touch tablet and a previously examined Android TV box. 

Shared ownership and distribution by a single entity operating under various brand names raise concerns about the widespread use of devices linked to these sellers.

Privacy Predicaments

Beyond malware, privacy concerns emerge as a critical issue. The tablet came with an outdated version of the KIDOZ app, preloaded with deprecated features and questionable data collection practices. 

Simple racing games from the old KIDOZ app store asking for location and contacts.
Simple racing games from the old KIDOZ app store asking for location and contacts.

The app’s connection to a defunct company and its history of adware labeling highlights the need for stringent privacy standards, especially in devices targeting children.

Call for Action

Addressing pre-installed malware and sketchyware falls on consumers, an unacceptable state of affairs. 

We advocate for improved security benchmarks for devices in major online markets, a more efficient process for removing compromised devices, and a minimum standard for security and privacy features in Android OEMs.

The discovery of malware and privacy lapses on the Dragon Touch KidzPad Y88X 10 underscores the need for heightened scrutiny in selling and producing devices marketed to children. 

With this tablet’s latest Android OS being five years old, the urgency for industry-wide improvements in security and privacy features cannot be overstated. 

Parents, often lacking the expertise of security researchers, deserve a marketplace where their children’s safety and privacy are paramount. Online vendors must proactively address these concerns to ensure the integrity of the consumer electronics they offer.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Sujatha is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under her belt in Cyber Security, she is covering Cyber Security News, technology and other news.