Security Assessment Process

Privacy and security are intertwined, and security is the foundation of effective individual privacy. When evaluating whether to use a smart device at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. To create a truly comprehensive evaluation process, the Common Sense Privacy Program combines a full, in-depth, 150-point inspection of the privacy policies of a product with a hands-on security assessment. The result is the most comprehensive privacy and security evaluation of a smart device aimed at children and students currently available.

Privacy

The Common Sense Privacy Program evaluates popular applications and services for children, protects child and student privacy, and supports a more secure digital future for kids everywhere. Our evaluations help parents and teachers make sense of the complex policies and terms of popular tools used at home and in classrooms across the country.

For more than 15 years, Common Sense has been a trusted resource for millions of parents and educators as they guide their children and students through the digital world. The Privacy Program is backed by the Common Sense Research Program, led by a team of experts in privacy law, and designed to shed light on critical issues for child and student learning and digital citizenship.

In the past year alone, parents and schools have faced new challenges when it comes to balancing the power of smart devices with the requirements and concerns of online privacy and security. That's why the Common Sense Privacy Program was created: to champion child and student privacy and to support parents, classrooms, schools, and communities on a path toward a more secure digital future for all kids.

Parents and educators can use our easy-to-understand privacy evaluations to make informed choices about the products they use at home and in the classroom and pass on that information to students and families using apps at home. With Common Sense privacy evaluations, anyone can confront privacy concerns before they start. Helpful summaries show how companies address safety, security, privacy, and compliance in their policies and terms of service. Privacy evaluations speed up the decision-making process so educators can find the most appropriate tools to use with students in the classroom and in their daily lives.

Security

The Privacy Program conducts a hands-on basic security assessment of the five most critical security practices around the collection of information from a smart device and from a mobile application, and the transmission of information between the device and the app. In addition to a basic security assessment of the five most critical security practices of a smart device, the program created a full, 80-point inspection of the security practices of a smart device and mobile application.

The following criteria and indicators of both a smart device and a mobile application are used to complete a basic security assessment:

1. Category: Data Collection

Criteria:

  • Personal information
  • Camera access
  • Video access
  • Microphone access
  • Location access

Indicators:

  • Assess whether personal information, audio information, photographic information, and/or video information is collected by the device or application running on a mobile device.

2. Category: Privacy Controls

Criteria:

  • App permissions
  • Data sharing
  • First- or third-party marketing

Indicators:

  • Assess whether the default for privacy controls or preferences on the mobile application are strong privacy protections for the user.

3. Category: Account Protection

Criteria:

  • Strong passwords used
  • Age gate in place
  • Parental controls available

Indicators:

  • Assess whether there is a strong password or complex pass-phrase requirement to create an account, and no default username or password is used.
  • Assess whether there are restrictions on children creating accounts and methods for a parent or guardian to provide consent.

4. Category: Network Security

Criteria:

  • Secure Wi-Fi
  • Secure Bluetooth

Indicators:

  • Assess whether the application or device's network traffic over Wi-Fi is encrypted.
  • Assess whether any Bluetooth connection between the device and mobile application is secured with pin pairing.

5. Category: Software Updates

Criteria:

  • Automatic software and/or firmware updates
  • Encrypted software updates

Indicators:

  • Assess whether the application or device receives firmware (software on the device used for operation) or update files using encryption.
  • Assess whether software or firmware updates are easy to install or automatic.