As a further test candidate in our big children’s smartwatch test, we analyzed the security of the MyKi from Bulgarian manufacturer Alterco Robotics. The following test report will show whether the product can keep up with our standards and convince with its security concept.

Application Security

The Android application for the MyKi (com.alterco.safewatch_kiddo; version 1.9.2) does not show any serious misconduct. A few small things, however, do spoil the overall good impression. The debug output on the Android logcat is too detailed for our taste – phone numbers, usernames, passwords etc. are listed here. On newer Android versions this is usually not a problem, but on older versions or rooted phones this could be exploited by malware to spy on sensitive data and gain access to the user account.

Excerpt from Android’s logcat showing user credentials, watches position and phone book entries

Locally the application saves some data, including user names, passwords etc. in plain text in the Android secured app directory. Again, this is not a fundamental vulnerability, as the security mechanisms integrated in Android normally prevent access to this directory. On rooted phones, however, this could again become a potential problem that could be exploited by attackers.

Online Communication

Communication over the Internet is completely encrypted in all observed cases. Even our standard man-in-the-middle attacks did not lead to success – registration and further communication with the cloud services seemed to be adequately secured at all times and without obvious weaknesses. In this respect, our tests have not been able to identify any reason for criticism.

Data Privacy

The privacy policy is written in complex English language and provides information on important topics such as the purpose of data storage. The phone book is transferred to the manufacturer’s server in order to add individual entries to the phone book of the children’s watch. It is unclear why not only the selected entries are synchronized. The storage duration of recorded data such as the location history is not mentioned. Particularly for products that record data about children, great importance should be attached to data protection aspects.

Android App permissions
Android App permissions

Conclusion

The MyKi Kids-Smartwatch proved to be a very successful product in our test, which shows only a few minor weaknesses in the area of application security. All in all, it is enough for a good 2 out of 3 stars on our rating scale and a solid overall impression.