Learn more about the privacy practices of e-reader apps and devices
We evaluated the privacy of e-reader apps and devices in our article, E-Reader Apps and Devices Are Having a Moment: But Which Ones Protect Your Privacy? In the article, you can learn more about the different types of e-reader apps, find out the risks of each, compare their privacy practices, and discover what parents and educators can do to protect the privacy of their kids and students.
In this article, our hands-on security testing reveals how e-reader devices protect the security of your kids' or students' personal information.
To jump to a specific section of this article, please click on a link below:
- Products we rated
- How we rate privacy
- How we test security
- What we found
- Data sharing
- Data safety
- Account protection
- Device security
- Software updates
Products we rated
We tested the most popular e-reader devices, tablets, and reading apps to identify the potential privacy risks and harms that may affect the children, students, and families who use these devices. We tested the following devices and their companion reading apps:
- Apple Books on the iPad
- Google Play Books on the Lenovo Smart Tab M10
- FreeTime Unlimited on the Amazon Fire HD 8 Kids Edition Tablet
- Kindle on the Amazon Kindle Paperwhite
- Nook on the Barnes and Noble Nook GlowLight
- Samsung Kids+ on the Samsung Galaxy Tab A
1. Apple iPad
Price: $399.00
Buy: Apple
App: Books
Privacy Rating:
79% 
Best for Privacy: The Apple iPad offers easy reading integration with Books and other popular apps on the iOS App Store, but it is the most expensive device we tested.
Read the Standard Security Report.
2. Lenovo Smart Tab M10
Price: $169.99
Buy: Lenovo
App: Google Play Books
Privacy Rating:
75% 
Best for Third-Party Apps: The Lenovo Smart Tab is intended to be used to read books with other third-party reading apps, like Google Play Books, Overdrive, or Scribd, but parents and educators should use it with caution because of its potential to collect a large amount of data about children or students without parental consent.
Read the Standard Security Report.
3. Amazon Fire HD 8 Kids Edition Tablet
Price: $149.00
Buy: Amazon
App: Amazon FreeTime Unlimited
Privacy Rating:
63% Best Content for Kids: With FreeTime Unlimited, the Amazon Fire HD 8 Kids Edition Tablet offers great kid-friendly music, videos, Kindle books, audiobooks, and Spanish content, but parents and educators will need to pay for a yearly FreeTime subscription to get the most out of the device.
Read the Standard Security Report.
4. Amazon Kindle Paperwhite
Price: 149.99
Buy: Amazon
App: Amazon Kindle
Privacy Rating
62% Best for Books: The Kindle Paperwhite is intended to be used for books, magazines, and audiobooks, but parents and educators should use it with caution because it can display advertising on the device unless users choose to pay for privacy.
Read the Standard Security Report.
5. Barnes and Noble Nook
Price: $119.99
Buy: Barnes and Noble
App: Nook
Privacy Rating:
62% Best for Just Reading: By design, the Nook is only for reading books and not to be used with any other apps, but parents and educators should be cautious because of the device's integration with Facebook and Goodreads.
Read the Standard Security Report.
6. Samsung Galaxy Tab A
Price: $199.00
Buy: Samsung
App: Samsung Kids+
Privacy Rating:
43% Best for Android: With kid-friendly content through Samsung Kids+ just for Android devices, the Samsung Galaxy Tab A offers features for both parents and kids, but adults should use it with caution because Samsung uses ad trackers on the device to share data with third-party companies.
Read the Standard Security Report.
How we rate privacy
Privacy and security are intertwined, and security is the foundation of effective individual privacy. When evaluating whether to have children use an e-reader or tablet smart device for reading at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy policies and security practices of the device. To create a truly comprehensive evaluation process, the Common Sense Privacy Program completes a full, in-depth, 150-point inspection of a product's privacy policies in order to offer privacy ratings that are easy to understand.
How we test security
We also do hands-on security testing of each smart device, based on Consumer Reports' Digital Standard. The Digital Standard is a set of expectations for how smart tech manufacturers should handle privacy, security, and other digital rights. The goal of the Digital Standard testing criteria is to educate consumers about a product's privacy policy and security practices, and to influence smart tech manufacturers to take these concerns into consideration when developing their products.
The Privacy Program uses the Digital Standard to do hands-on basic security testing of the 10 most critical security practices that parents and educators say they need to make an informed decision. These security practices include information collection from a smart device and its companion mobile application, and the transmission of information between the device and the internet.
In addition to basic security testing of these most critical security practices, Common Sense created an 80-point full security assessment of these most important security practices of a smart device and companion mobile application that incorporates Consumer Report's Digital Standard with the Ranking Digital Rights questions and OWASP IoT Security questions.
The combination of Common Sense's privacy evaluation and Consumer Report's Digital Standard security testing criteria results in the most comprehensive testing of a smart device and its companion mobile application currently available to help consumers make an informed decision about whether to use a product with their children and students.
What we found
Our hands-on security testing of the following six e-reader and tablet devices focused on the 10 most critical security practices around the collection of information from the device and its companion e-reader application, and on the transmission of information between the device, the application, and the internet.
The following charts show what we found in both the hardware of the e-reader itself (in the row labeled "Device") and in the default companion application installed on the device (in the row labeled "App"). The charts compare the basic privacy and security testing details of all the e-reader and tablet devices. For more hands-on security testing information about each product, click on the product's name in the chart below. All the e-readers or tablets have a companion application that was used to extend the functionality of the device for reading books, and transfer data between the app, the device, and the internet.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Books | FreeTime Unlimited | Nook | Kindle | Samsung Kids+ | Google Play Books |
Data sharing
Evaluating data sharing takes into consideration best practices of keeping personal data inside the application or smart device to help protect privacy. Connecting social media accounts could allow children or students to share personal information with other people and with third-party companies. In addition, installing third-party apps with a smart device could allow the collection and use of personal information for a different purpose.
The Apple iPad allows third-party social media-related applications to be installed through the iOS App Store, and the Samsung Galaxy Tab and Lenovo Smart Tab also allow social media-related applications to be installed through the Google Play App Store. However, the Amazon devices, including the Fire HD 8 Kids Edition and the Kindle Paperwhite, limit functionality by not allowing third-party app stores, but they still allow social network interactions through the integrated Goodreads app.
Lastly, the Lenovo Smart Tab allows users to authenticate with their Google account instead of creating a new Lenovo account, and the Nook allows users to authenticate with Google or Facebook instead of using a Barnes and Noble account. This allows data sharing between the tablet and Google or Facebook.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | No | Yes | N/A | N/A | Yes | No |
| Device: | Yes | No | Yes | Yes | Yes | Yes |
| Method: | Third-party apps | Goodreads | Facebook/Google account login | Goodreads | Third-party apps | Third-party apps |
All of the devices allow access to either an ebook store or third-party app store for applications to be installed that can extend the functionality of the device, but can also increase the types and amount of data collected and shared with third-party companies. Both the Barnes and Noble Nook and Amazon Kindle devices limit third-party features to only purchasing books from the device's BookStore because they are restricted to only reading ebooks compared to the other devices we tested.
However, the Amazon Fire HD 8 Kids Edition does allow access to the Amazon App Store, but restricts which applications can be installed to only the FreeTime unlimited category of content that has been approved for children younger than 13. Devices that allow third-party apps to be installed can increase the user's risk of installing malicious apps that can steal sensitive personal information. Also, third-party apps may not have the same privacy and security protections and may be able to collect personal data, including passwords.
| Apple iPad |
Amazon Fire HD 8 Kids Edition |
Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Yes | No | N/A | N/A | Yes | Yes |
| Device: | Yes | No | N/A | N/A | Yes | Yes |
| Method: | Apple Siri | None | None | None | Google Assistant | Amazon Alexa |
The Apple iPad uses the voice assistant Siri to listen and respond to voice commands. The Amazon Fire HD 8 Kids Edition restricts a FreeTime Unlimited child's profile from accessing the voice assistant Alexa, but Alexa is still available from a parent's profile and account on the device. The Samsung Galaxy Tab and Lenovo Smart Tab also integrate a user's Google Account with Google Assistant during the set-up process to manage account profiles and settings on the device. However, the Lenovo Smart Tab allows users to integrate with both Google assistant and Amazon Alexa, which is designed to provide always-on additional voice assistant docking features.
Audio information about the duration, tone, pitch, and content of voice communications, as well as when and where those communications happened, may contain personal or sensitive information. This is a risk to a greater number of people's privacy when a device is in a public place, outdoors, or classroom than when it's used in a private home. In addition, the personal content of voice assistant commands could be shared between apps and the third-party companies. Click to learn more about our privacy evaluations of the voice assistant apps, Apple Siri, Google Assistant, and Amazon Alexa.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Yes | Yes | N/A | N/A | Yes | Yes |
| Device: | Yes | Yes | Yes | Yes | Yes | Yes |
| Method: | App Store and BookStore | FreeTime content and Amazon App Store |
Nook BookStore |
Kindle BookStore | Galaxy App Store and Google Play App Store | Google Play Store and BookStore |
Device safety
Evaluating device safety takes into consideration best practices of using privacy protections by default and limiting potential interactions with others. It's better to start with the maximum privacy that the app or device can provide and then give users the choice to change the settings. In addition, users talking to other people through the app or device might permit personal information to be shared with strangers.
All six devices provide privacy-protecting controls that prompt the user to give opt-in consent on both the device and reading application before personal data is collected. This approach allows users to provide informed consent at the point where personal or sensitive information is collected. Other privacy controls, such as parental consent, profile switching, social interactions with phone calls, and use of third-party app stores, all require opt-in consent to activate and use.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Yes | Yes | N/A | N/A | Yes | Yes |
| Device: | Yes | Yes | Yes | Yes | Yes | Yes |
| Method: | Parental controls and account settings | FreeTime profile and restrictions | Account settings | FreeTime profile and restrictions | Samsung Kids | Google account settings and Lenovo Kids account |
The Apple, Samsung, and Lenovo devices all provide social interaction features to send and receive text messages, emails, and third-party app notifications through the device. By design, the Amazon Kindle Paperwhite and Barnes and Noble Nook limit the functionality of the devices to only reading to avoid distractions. The Amazon Fire HD 8 Kids Edition is different because it restricts only the child's FreeTime account profile and prevents the use or installation of applications that could allow children to have unsafe social interactions with strangers.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | No | No | N/A | N/A | No | No |
| Device: | Yes | N/A | No | Yes | Yes | Yes |
| Method: | Messages, mail app, and App Store | None | None | Goodreads | Mail and Galaxy app store | Google Duo, Hangouts, Gmail, Skype, and Google Play Store |
Account protection
Evaluating account protection takes into consideration best practices of using strong passwords and providing accounts for children with parental controls. Strong passwords can help prevent unwanted access to personal information. Children younger than 13 may not understand when they are sharing personal information, so they should be required to create special accounts with more protection under the law. Lastly, parents can help children younger than 13 use a device or app with digital well-being protections in mind with parental controls.
All six devices have complex password or passphrase requirements to create an account in order to use the device. Five devices also require the user to create an account with the manufacturer before interacting with a reading application. However, the Samsung Galaxy Tab and Lenovo Smart Tab also integrate a user's third-party Google Account into the device set-up process to manage the device and access profile controls. Using multiple accounts to manage all the settings of a device could allow personal information collected from the device or companion applications to be shared with third parties.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Yes | Yes | N/A | N/A | Yes | Yes |
| Device: | Yes | Yes | Yes | Yes | Yes | Yes |
| Method: | Apple ID | Amazon account | Barnes and Noble account | Amazon account | Google and Samsung account | Google and Lenovo ID account |
All six devices handle parental consent and parental controls differently. For the Apple iPad, a user is prompted to enter their existing Apple ID username and password to personalize their tablet. If a user does not have an Apple ID, they can create a new Apple ID account and are asked to enter their birth date to confirm their age. If a user provides a birth date that indicates they are under the age of 13, the app requests that a parent or guardian provide consent for the child or student.
The Amazon Fire HD Kids Edition and Amazon Kindle Paperwhite require a parent or guardian to create an Amazon account. A user is prompted to enter their existing Amazon username and password to personalize their device. If a user does not have an Amazon account, they can create a new Amazon account and are asked to enter their full name, email address, and password. Once a user confirms access to the email address registered with their new Amazon account, they are then prompted to set up Alexa (if available) and their new device. On both devices, a parent is able to provide consent through the FreeTime Unlimited app settings of their Amazon account, where they can create a child profile for a user younger than 13 during the set-up process.
The Barnes and Noble Nook requires the device owner to create a new Barnes and Noble account or log in to the device with their existing Facebook or Google account. If a user does not have a Barnes and Noble account, they can create a new account by providing their full name, email address, and password. Once a user confirms access to the email address registered with their new Barnes and Noble account, they are then prompted to set up their new device. The Nook provides no age-gate or attempt to require a user to enter a birth date to confirm the user's age beyond the privacy notice and conditions of use stating that users must be over 18 years of age to register. Therefore, a user younger than 13 can create a new account and interact with their new device without parental consent.
For the Samsung Galaxy Tab, a user is prompted to first sign in with their Google Account. If a user creates an account after connecting to a WiFi network, the device requests personal information, including the user's first and last name, phone number, and birth date, to confirm the user's age. If a user provides a birth date that indicates they are younger than 13, the device requests that a parent or guardian provide consent for the child or student. A parent must provide consent through an email address or phone number before the child can use the device by signing up for an account themselves. After the parent or guardian has provided consent for their child and started the registration process with Family Link, they must enter personal information, including an email address and a password that meets strong and complex password requirements.
After a user signs in or creates an account with Google on the Samsung Galaxy Tab, they are also prompted to sign in to or create a Samsung account. The device requests personal information, including the user's first and last name and birth date to confirm their age. If a user provides a birth date that indicates they are younger than 13, the device states they "must meet the minimum age requirement" and does not allow the underage user to register for a Samsung account. Lastly, creating a child profile is handled when a user creates an additional account on the device with Samsung Kids.
The Lenovo Smart Tab also prompts a user to first sign in with their Google account. In addition, after a user signs in or creates an account with Google on the Smart Tab, they are also prompted to sign in or register a Lenovo ID to personalize the device. After creating a Lenovo ID, the parent or guardian is finally prompted to set up a Samsung Kids account profile to complete the activation process for the device.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | No | Yes | N/A | N/A | Yes | Yes |
| Device: | Yes | Yes | No | Yes | Yes | Yes |
| Method: | Family account | FreeTime account | None | FreeTime account | Samsung Account and Kids+ account | Google account, Lenovo ID, and Kids account |
For the Apple iPad, a parent must provide consent through the Family Sharing setting of their Apple ID account, where they can create an Apple ID for their child. A parent must first review Apple's parent privacy disclosure, then enter their child's personal information, including an iCloud.com email address and a password that meets strong and complex password requirements. Parental controls for a child profile are available through Screen Time in the Settings section of the iPad.
The Amazon Fire HD 8 Kids Edition allows a parent or guardian to monitor their child's profile with parental controls for older children and teens. Parents can also manage a child's FreeTime Unlimited experience, which includes setting daily goals and time limits, to support educational reading habits. In addition, parents can add or remove content filters, change in-app purchasing restrictions, limit web browsing, and change camera settings.
At the time of testing, the Barnes and Noble Nook did not have any parental controls or child accounts. The Amazon Kindle Paperwhite also did not prompt users to create child accounts during the set-up process, but the Kindle does allow users through the Settings section to create personalized child profiles with Amazon FreeTime and use parental controls to restrict web browsing, the Book Store, and Goodreads.
The Samsung Galaxy Tab provides a "Kids Home" with a parental control dashboard, and instead of creating a child profile, the Samsung Kids Home locks the home screen to approved kid-friendly apps and content, which requires a parental consent PIN to leave. In addition, parents and guardians are encouraged to purchase Samsung Kids+ which has even more kid-friendly books, content, and apps.
The Lenovo Smart Tab creates a Lenovo Kids Account with a Kids Home Screen featuring kid-friendly apps, videos, games, and websites. Switching from the Kids account requires a PIN and gives parents a Parent Dashboard to approve apps, channels, websites, and usage analysis.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | No | Yes | N/A | N/A | Yes | No |
| Device: | Yes | Yes | No | Yes | Yes | Yes |
| Method: | Family account | FreeTime child profile | None | FreeTime child profile | Samsung Kids+ and Kids mode | Lenovo Kids account |
Device security
Evaluating device security takes into consideration best practices of securing personal information against unwanted access when it is shared between the mobile device, smart tech, and the internet. Keeping personal information encrypted, or masked, protects information during transmission. In addition, advertising and tracking requests from the device or app could contain personal information about the user, including what they're doing with the device or app.
The Apple iPad only sent and received network requests during testing to Apple-related cloud services, and no advertisement requests were observed. Similarly, the Amazon Fire HD 8 Kids Edition, Barnes and Noble Nook, and Lenovo Smart Tab only sent and received network requests during testing to their company-specific cloud services, and no advertisement requests were observed.
There were also no advertisement requests observed with the Amazon Kindle Paper White, but we did not have the "Special Offer" model, which would have displayed advertisements if users chose not to pay more for privacy. In addition, the Kindle without "Special Offers" still displayed advertisements to purchase additional Kindle Unlimited and Audible subscriptions during the set-up process that came from first-party Amazon services.
Lastly, the Samsung Galaxy Tab displays a Galaxy Essentials advertisement to download must-have Samsung-related apps, and the Samsung Galaxy Store app also displays prominent promotions to purchase additional products and apps. Parents and guardians are also encouraged to purchase a subscription to Samsung Kids+ to get the most out of using the device with children.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | No | No | N/A | N/A | No | No |
| Device: | No | No | No | Yes | Yes | No |
| Method: | None | None | None |
Special Offers, Kindle Unlimited, and Audible |
Galaxy Essentials, and Samsung Kids+ | None |
The Apple iPad only sent and received network requests during testing to Apple-related cloud services. However, our testing observed that the Amazon Fire HD 8 Kids Edition and Barnes and Noble Nook sent and received data to the third-party tracking service Facebook during the set-up process, even though the devices were never logged in to Facebook at any time during testing. In addition, no tracking requests were observed with the Amazon Kindle Paperwhite, but without the "Special Offer" model it was not possible to determine whether the device would have used trackers if users chose not to pay more for privacy.
We also observed that the Samsung Galaxy Tab and Lenovo Smart Tab sent and received data to known third-party advertising and tracking domains, such as DoubleClick, and other ad networks, such as Facebook, that could be used for tracking or profiling purposes.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | No | No | N/A | N/A | No | No |
| Device: | No | Yes | Yes | No | Yes | Yes |
| Method: | None | None | DoubleClick | DoubleClick and Facebook |
Software updates
Evaluating software updates takes into consideration best practices of keeping a smart device secure with up-to-date software patches and settings. When a company improves its app or device, better privacy and security should be part of the package and should be automatically updated or easy to update.
All six devices provided firmware updates for the devices and software updates for the companion mobile reading applications. Also, all devices provided notice to the users to update the firmware of the device upon activation and to update the companion mobile application when an update was available through the iOS or Google Play App Store. However, parents and educators should also keep in mind that smart devices may not continue to provide software updates past the product's warranty. And if smart devices do not receive regular security updates and patches, there could be an increased risk to a child's or student's personal information.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Yes | Yes | N/A | N/A | Yes | Yes |
| Device: | Yes | Yes | Yes | Yes | Yes | Yes |
| Method: | App Store | Firmware update | Firmware update | Firmware update | Software update | Software update |
Software updates should always be transferred securely to the device with encryption to ensure malware or other harmful software is not unintentionally installed on the device, which could compromise the privacy of all users' personal information collected from the device and companion applications.
The Apple, Amazon, and Samsung devices and reading apps through the App Stores were all observed sending firmware and software updates with encryption to the devices. However, the Barnes and Noble Nook and Lenovo Smart Tab were observed sending a large amount of nonencrypted data from their respective update domain servers during the firmware update process. During the update process, both devices displayed a notice that the software update was being verified. It is possible that the software update download was verified on the device before installation to ensure the updates were not corrupted or contain malware, but this is not a security best practice.
| Apple iPad | Amazon Fire HD 8 Kids Edition | Barnes and Noble Nook | Amazon Kindle Paperwhite | Samsung Galaxy Tab A | Lenovo Smart Tab M10 | |
|---|---|---|---|---|---|---|
| App: | Yes | Yes | N/A | N/A | Yes | Yes |
| Device: | Yes | Yes | No | Yes | Yes | No |
| Method: | Encryption | Encryption | No encryption, but error check | Encryption | Encryption | No encryption, but error check |
table.products { border-collapse: collapse; border: thin solid black; table-layout: fixed; } th, td { padding: 10px; text-align: left; } .products th { border-right: thin solid; } .products td { border: thin solid black; text-align: left; } .products .header { background-color:#f0f0f0; }
For more information: Learn about our security testing of devices, our research of the security practices in the edtech industry, or check out our basic "how to" primer on edtech security. Also, under the California Consumer Privacy Act, you have the right to protect your personal information by making a "do not sell" request.
