Mémoire
| Résumé : | The fast development of Internet of Things (IoT) devices targeted at children has raised significant privacy concerns, especially due to the sensitive nature of the data these devices collect. This thesis explores the privacy landscape of children-oriented IoT devices, focusing on the analysis of their privacy policies and identifying vulnerabilities that could expose children's personal data. Examination of a range of devices, and identification of their common trends and features, allows to evaluate the quality of existing privacy policies and highlight shortcomings in user awareness. An examination of legislation around the globe further enables an analysis of privacy policies from a legal perspective. After thorough analysis of multiple privacy policies of children-oriented devices and identification of positive and negative aspects of these, a list of characteristics of a good privacy policy is provided, as well as recommendations for users and manufacturers. The list does not only contain elements that companies are legally obliged to follow but also recommendations to make the privacy policy more user-friendly and as complete as possible. This research employs the LINDDUN GO privacy modelling framework mixed with static analysis to uncover vulnerabilities in a smartwatch selected based on its privacy policy and popularity on the market. Issues with the insecure design of the watch, coupled with a vulnerable companion application that does not follow the principle of data minimisation, create an unsafe product used by millions of users. |
