Kids' AI toy apps are asking for permissions that have no business being on a child's device.
A study by Cybernews examined apps connected to 10 different AI-enabled toys and found that every single one requested permissions flagged as "dangerous" under standard mobile security classifications. That category typically covers access to a device's camera, microphone, location, or contacts — the kind of data collection that would raise flags on any app, let alone one marketed to children. The researchers did not name which toys were tested, but the finding applied across the board.
This matters because parents buying AI toys are implicitly trusting that the connected software meets a higher bar, not a lower one. Children's apps fall under stricter regulatory frameworks in many markets — COPPA in the US, for instance, limits data collection on users under 13 — but regulations only matter if they're enforced and if companies comply before a regulator comes knocking.
The AI toy market has grown fast enough that oversight hasn't kept pace, and that gap is exactly where data collection quietly expands. If your kid's stuffed rabbit needs microphone access to function, that's one conversation; if it also wants your location and contacts, that's a different one worth having with the return policy in hand.