Cayla and i-Que are two extremely popular smart toys manufactured by Los Angeles-based Genesis Toys. As it turns out the specific games (and how many others we don't know), don't ensure permissions for security and protection of the privacy of their primary consumers (children) as researchers have discovered.
Cayla and i-Que games come with "companion" applications, and the latest services from Nuance Communications, a Massachusetts-based company that specializes in voice and speech recognition services for various industries. This allows the toys to interpret speeches and converse with the children.
These games are sold at USA, the Scandinavian ones countries, in some European countries, Australia and the Middle East.
According to the findings of researchers at Scandinavian technology consultancy Bouvet, which was commissioned to test the toys for account of the Norwegian Consumer Council, there are too many bugs in the two interactive games that can be connected to the Internet. These include lack of security, illegal terms of use, exploiting children's secrets, potentially asking for sensitive information, serving children hidden ads, and more.
The short video below is published by the Council and shows some of these problems.
The Norwegian Consumer Council believes that the manufacturer of these toys does not adequately protect the safety and privacy of users and urged the Norwegian Data Protection Authority, the Consumer Ombudsman and the Norwegian Civil Protection Directorate to investigate the whether these two products fall under the prohibition of laws and European regulations (Personal Data Act, Marketing Control Act, and product safety regulations).
At the same time, in the USA, the Electronic Privacy Center (Electronic Privacy Information Center or EPIC) filed a complaint with the Federal Trade Commission, alleging that the two companion games Cayla and i-Que, as well as their manufacturers, violate US federal privacy laws.
Watch the video