Bluebox shocked no one last November when they revealed that cheap Android tablets came with bonus security problems, and this security firm is back again this week with a report which shows that cheap kid's tablets are just as ridden with security issues.
While that comes as no surprise, this time around I would be concerned. Not only do the kids' tablets share many of the same security shortcuts as regular tablets, several tablets tested in this report also sent personal info over the web in the clear.
Bluebox tested a total of 9 tablets currently available on the US market. They didn't include the Kids Fire tablet from Amazon, but Bluebox did test the Nabi 2 (above) as well as tablets from Kurio, Orbo, Smartab, and a number of other tablet makers which I've never heard of.
The 9 tablets cost anywhere from $50 to $140 (for the Nabi 2), and all ran either Android Jelly Bean or KitKat. With two exceptions, they also shipped with parental control tools which enabled an adult to setup a tablet so it can be used by a child.
All of the tablets shared at least 3 know security vulnerabilities (Futex, ObjectInputStream and BroadAnywhere), and several topped that off by shipping with ADB enabled and already rooted. While I would usually regard the last two points as a bonus for any tablet I bought for myself, that's not something I would want to see in a kids tablet.
On a scale of one to ten, the tablets' security scores ranged from 2.7 to 5.3. The Nabi 2 was the single tablet to break the 5.0 barrier, which would be nice if not for the fact that it was also one of the three tablets which sent user profile photos to cloud servers sans encryption (to the tablet maker's own servers, no less).
The other two tablets were tied into Zoodles, a 3rd-party service which offers parental controls. Bluebox reported that this service was also sending personal account info (name, birthdate, and profile image) in the clear.
While I was inclined to write this report off as simply more proof that cheap tablets aren't very well made, the lack of encryption really bothers me.
That's not a mistake that companies should be making in 2015, but luckily this is a problem which Fuhu (maker of the Nabi 2) is interested in fixing. Bluebox also noted that the Nabi 2 had a much lower security score out of the box, but after a couple updates repaired a couple issues the tablet scored 5.3 out of ten.
I don't know if Zoodles is aware of its security issues, so it would be best to avoid that service for the time being.