Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

The ‘first’ ransomware attack run by AI still needed a human

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026
  • Apps

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Children’s tablet has malware and exposes children’s data, researcher finds
Security

Children’s tablet has malware and exposes children’s data, researcher finds

techtost.comBy techtost.com19 November 202306 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Children's Tablet Has Malware And Exposes Children's Data, Researcher Finds
Share
Facebook Twitter LinkedIn Pinterest Email

This May year, Alexis Hancock’s daughter got a children’s tablet for her birthday. Being a security researcher, Hancock was immediately concerned.

“I kind of looked at it sideways because I’ve never heard of Dragon Touch,” Hancock told TechCrunch, referring to the tablet maker.

As it turns out, Hancock, who works at the Electronic Frontier Foundation, had good reason to be concerned. Hancock said she found the tablet had several security and privacy issues that could have compromised her daughter’s and other children’s data.

The Dragon Touch KidzPad Y88X contains traces of well-known malware, runs a version of Android released five years ago, comes pre-installed with other software considered malware, and a “potentially unwanted program” due to “its history and extensive system-level permissions to download any app they want’ and includes an old version of an app store designed specifically for children, according to Hancock’s reportwhich was released on Thursday and was seen by TechCrunch ahead of its publication.

Hancock said she contacted Dragon Touch to report these issues, but the company never responded. Dragon Touch did not respond to TechCrunch’s questions either.

The first disturbing thing Hancock said she found on the tablet was traces of the presence of Corejava, which in January the cybersecurity firm Malwarebytes analyzed and concluded that it was malicious. Also this year, the Electronic Frontier Foundation and independent security researchers discovered the same type of malware embedded in the software of cheap Android TVs. The good news, Hancock said, is that at least the malware appeared to be inactive and programmed to send data to idle servers.

According to Hancock’s technical reportthe tablet also came pre-loaded with Adups – the same software found on these Android TVs – which is used to perform “over-the-air” firmware updates. Malwarebytes has classified Adups as malware and a “potentially unwanted program” for its ability to automatically download and install new malware from the Internet.

Finally, the tablet came with a pre-installed and outdated version of the KIDOZ app, which acts as an app store that allows parents to set parental controls and kids to download games and apps. The app store “collects and sends data to ‘kidoz.net’ about the usage and physical characteristics of the device. This includes information such as device model, brand, country, time zone, screen size, view events, click events, event log time and a unique KID identifier,” according to Hancock’s report.

KIDOZ founder Eldad Ben Tora told TechCrunch that the app is certified to comply with COPPA, the US federal law that provides certain online privacy protections for children, and that the app “went through a rigorous review process by an approved the FTC’s COPPA safe harbor program called PRIVO, which included a thorough review of our data collection, storage and use practices.”

“This process ensures that our services are fully compliant with COPPA requirements, prioritizing children’s privacy,” Ben Tora told TechCrunch.

The Dragon Touch tablet reviewed by Hancock was for sale on Amazon until this week, when the listing was dropped and replaced by a listing for the same tablet, which claims the tablet runs Android 12, which was released in 2021. Images at The listing, however, says the tablet runs Android 10, which was released in 2019.

It’s unclear how popular these tablets are, but Amazon listings showed more than 1,000 reviews.

Amazon spokesman Adam Montgomery told TechCrunch in an email that the company is “looking into these allegations and will take appropriate action if necessary.”

The Dragon Touch tablet was also available at Walmart until this week. After TechCrunch contacted the company, Walmart removed the listing from its website.

“We have removed this third-party item from our site while Trust and Safety conducts a review,” Walmart spokesman John Forrest Ales said in an email. “Like other major online retailers, we operate an online marketplace that allows external third-party sellers to offer merchandise to customers through our e-commerce platform. We expect this data to be secure, reliable and compliant with our standards and all legal requirements. Items determined not to meet these standards or requirements will be immediately removed from the site and will remain blocked.”

Contact us

Do you have more information about other flaws in popular devices? We would love to hear from you. Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.

Dragon Touch is they are listed on the official Android website as a “certified” device that has been “tested for safety and performance”.

Google spokesman Ed Fernandez told TechCrunch via email that the company was “thoroughly evaluating the allegations in this report to determine whether the manufacturer’s device meets the security standards required to Play Protect certification.”

Internet-connected products for children have long been the target of hackers. In 2015, a hacker broke into VTech’s servers, a consumer electronics company that made gadgets for children. The hack resulted in the theft of nearly five million parents’ personal information, including names, email addresses, passwords and home addresses, as well as more than 200,000 children’s personal details, including names, genders and birthdays. The hacker also acquired thousands of photos of parents and children and one year’s worth of chat logs.

After completing her investigation, Hancock said she had to keep the tablet because her daughter became attached to it during a trip with her cousins. But Hancock did not return the tablet to her daughter until after making changes to protect her daughter’s privacy.

“I have spoken to her about why I had her tablet and why I had it away from her for so long. I told her it was sick, it had a virus and I needed to get it better and I needed to take it to the doctor,” Hancock said.

In practice, Hancock said he “bared as much as he could.”

First, Hancock said she installed a VPN profile on the tablet on a private server running Pi-hole, an ad blocking software. She then limited the number of apps her daughter could use. redirected DNS — the internet system that maps IP addresses to domain names, for “any problematic domain” and even installed Tor, a browser designed to protect its user’s anonymity.

Hancock, however, said parents don’t have to do all that to protect their kids’ privacy, especially since not everyone has the technical help or time to research their kids’ tablet cybersecurity and privacy issues.

“Parents really can’t do much,” she said. “And frankly, it shouldn’t be left up to them.”

Amazon Android children's privacy Childrens cyber security data exposes finds Google malware researcher tablet Walmart
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleCybersecurity investor Ballistic Ventures seeks $300 million in new capital
Next Article Samsung says hackers accessed customer data during a year-long breach
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

If you use Google, you train its AI. See how you can opt out.

6 July 2026

Amazon will stop accepting new customers for Mechanical Turk

6 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

The ‘first’ ransomware attack run by AI still needed a human

7 July 2026

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

7 July 2026

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.