Security Testing
Privacy and security are intertwined, and security is the foundation of effective individual privacy. When evaluating whether to use a smart device or mobile app at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. To create a truly comprehensive evaluation process, the Common Sense Privacy Program combines a full, in-depth, 150-point inspection of the privacy policies of a product with a hands-on security assessment. The result is the most comprehensive privacy and security evaluation of a smart device and companion application aimed at children and students currently available.
The Privacy Program conducts a hands-on Basic Security Assessment of the ten most critical security practices around the collection of information from a smart device and from a companion mobile application, and the transmission of information between the device and the app. In addition to a basic security assessment of the ten most critical security practices of a smart device, the program created a 80-point Full Security Inspection of the security practices of a smart device and mobile application.
The following five "Smart Tech" evaluation concern categories comprise ten basic security questions that illustrate the diverse security-related questions used to complete a basic security assessment of smart tech devices:
1. Data Sharing
Evaluating data sharing takes into consideration best practices of keeping personal data inside the application or smart device to help protect privacy. Connecting social media accounts could allow people to share personal information with other people and with third-party companies. In addition, installing third-party apps with a smart device could allow the collection and use of personal information for a different purpose.
Criteria:
-
Social Media Accounts
-
Third-Party App Store
2. Device Safety
Evaluating device safety takes into consideration best practices of using privacy protections by default and limiting potential interactions with others. It’s better to start with the maximum privacy that the app or device can provide, and then give users the choice to change the settings. In addition, users talking to other people through the app or device might permit sharing personal information with strangers.
Criteria:
-
Privacy Protecting Controls
-
Social Interactions
3. Account Protection
Evaluating account protection takes into consideration best practices of using strong passwords and providing accounts for children with parental controls. Strong passwords can help prevent unwanted access to personal information. Children under the age of 13 may not understand when they are sharing personal information, so they should be required to create special accounts with more protection under the law. Lastly, parents can help children under the age of 13 use a device or app with digital well-being protections in mind by using parental controls.
Criteria:
-
Strong Password
-
Child Age Gate
-
Parental Controls
4. Device Security
Evaluating device security takes into consideration best practices of securing personal information against unwanted use that is shared between a mobile device, smart tech, and the internet. Keeping personal information encrypted, or masked, protects information while it is on the move. In addition, advertising and tracking requests from the device or app could contain personal information about the user, including what they’re doing with the device or app.
Criteria:
-
Data Secure
-
Ads & Tracking Requests
5. Software Updates
Evaluating software updates takes into consideration best practices of keeping a smart device secure with up-to-date software patches and settings. When a company improves its app or device, better privacy and security should be part of the package and should be automatically updated or easy to update.
Criteria:
- Updates Available