Security Assessments

Security Assessment Process

Privacy and security are intertwined, and security is the foundation of effective individual privacy. When evaluating whether to use a smart device at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. To create a truly comprehensive evaluation process, the Common Sense Privacy Program combines a full, in-depth, 150-point inspection of the privacy policies of a product with a hands-on security assessment. The result is the most comprehensive privacy and security evaluation of a smart device aimed at children and students currently available.

Security

The Privacy Program conducts a hands-on basic security assessment of the five most critical security practices around the collection of information from a smart device and from a mobile application, and the transmission of information between the device and the app. In addition to this basic assessment, the program created a full, 80-point inspection of the security practices of a smart device and mobile application.

The following criteria and indicators, covering both a smart device and a mobile application, are used to complete a basic security assessment:

1. Category: Data Collection

Criteria:

  • Personal information
  • Camera access
  • Video access
  • Microphone access
  • Location access

Indicators:

  • Assess whether personal information, audio information, photographic information, and/or video information is collected by the device or by the application running on a mobile device.

2. Category: Privacy Controls

Criteria:

  • App permissions
  • Data sharing
  • First- or third-party marketing

Indicators:

  • Assess whether the default privacy controls or preferences on the mobile application provide strong privacy protections for the user.

3. Category: Account Protection

Criteria:

  • Strong passwords used
  • Age gate in place
  • Parental controls available

Indicators:

  • Assess whether a strong password or complex passphrase is required to create an account, and whether no default username or password is used.
  • Assess whether there are restrictions on children creating accounts and methods for a parent or guardian to provide consent.

4. Category: Network Security

Criteria:

  • Secure Wi-Fi
  • Secure Bluetooth

Indicators:

  • Assess whether the application or device's network traffic over Wi-Fi is encrypted.
  • Assess whether any Bluetooth connection between the device and mobile application is secured with PIN pairing.

5. Category: Software Updates

Criteria:

  • Automatic software and/or firmware updates
  • Encrypted software updates

Indicators:

  • Assess whether firmware (software on the device used for operation) or update files are delivered to the application or device using encryption.
  • Assess whether software or firmware updates are easy to install or automatic.