As a further test candidate in our big children’s smartwatch test, we analyzed the security of the MyKi from Bulgarian manufacturer Alterco Robotics. The following test report will show whether the product can keep up with our standards and convince with its security concept.
The Android application for the MyKi (com.alterco.safewatch_kiddo; version 1.9.2) does not show any serious misconduct. A few small things, however, do spoil the overall good impression. The debug output on the Android logcat is too detailed for our taste – phone numbers, usernames, passwords etc. are listed here. On newer Android versions this is usually not a problem, but on older versions or rooted phones this could be exploited by malware to spy on sensitive data and gain access to the user account.
Locally the application saves some data, including user names, passwords etc. in plain text in the Android secured app directory. Again, this is not a fundamental vulnerability, as the security mechanisms integrated in Android normally prevent access to this directory. On rooted phones, however, this could again become a potential problem that could be exploited by attackers.
Communication over the Internet is completely encrypted in all observed cases. Even our standard man-in-the-middle attacks did not lead to success – registration and further communication with the cloud services seemed to be adequately secured at all times and without obvious weaknesses. In this respect, our tests have not been able to identify any reason for criticism.
The MyKi Kids-Smartwatch proved to be a very successful product in our test, which shows only a few minor weaknesses in the area of application security. All in all, it is enough for a good 2 out of 3 stars on our rating scale and a solid overall impression.