They're cute and fun, they answer "Why" questions with more patience than most parents, and they keep kids occupied for hours on end. But are tech toys a danger for kids?
As internet-connected products gain in popularity with both children and parents, toy marketers are grappling with the challenges of selling products that could be hacked, opening the door to privacy concerns and PR disasters.
"If you're traditionally a toy company and now you're adding this layer of connectedness, you're wading into areas you know nothing about," said Michele Martel, an attorney who runs consultancy Martel Media House. "You're not a tech company, but you've become one because now you're an Internet-of-Things company."
No one -- not big players like Mattel and Hasbro nor independent startups like Wicked Cool, the company behind the Teddy Ruxpin reboot -- is immune to the pitfalls. While marketers already must conform to regulations laid down in the Children's Online Privacy Protection Act, these new devices can go deeper and introduce issues many toy makers did not foresee, like children sharing connected toys that other parents have not approved, for example. Earlier this month, the University of Washington released a study on the issue, and found that toy designers need to better communicate with customers around the full capability and dangers of devices.
Security pitfalls aplenty
There's already been fallout. When El Segundo, Calif.-based Mattel this year released Aristotle, a smart baby monitor that grows with a baby to become an AI-type friend for children, the Campaign for a Commercial-Free Childhood public service group immediately denounced the $300 device as a "data-collecting intruder." Mattel declined a request for comment.
Aristotle follows in the footsteps of My Friend Cayla, a talking doll made by Genesis that records conversations. It was banned in Germany amid spying anxiety. VTech and Mattel's Hello Barbie have also had security issues in recent years.
"Most of the really hot tech stuff is interactive," acknowledged Chris Byrne, a toy industry consultant and content director for TTPM, which stands for Toys, Tots, Pets & More. "Whenever you have something that's about data and people are connecting data, there's a vulnerability there."
Some brands say that fully interactive toys are not always needed, especially for the youngest of consumers. Wicked Cool's Teddy Ruxpin, which connects to an app via Bluetooth, engages with kids via LED eyes and is primarily a storyteller, said Jeremy Padawer, a partner at the Philadelphia-based company. Wicked Cool also makes Baby So Real, a Cabbage Patch doll equipped with 40 different facial expressions to communicate emotions. Neither exist in an "open universe" connection that could fall prey to hackers, Padawer said.
"The more open the architecture, the more risk you introduce to the kid," he said. "Baby So Real is a baby doll that's not going to engage with a 12-month-old on policy."
Robots in the family
Of course, the older children get, the more they expect. And tech-hungry youths, who are increasingly accustomed to having a robot in the family -- whether Siri, Alexa or Google Home -- can become disinterested in dumbed-down devices. That poses another hurdle for marketers, noted Martel. She suggests brands be more transparent on packaging, making disclaimers much like "Batteries not included," about the risks associated with certain devices, or at least direct consumers to more details online. In addition, industry guidelines with a set of best practices could also help manufacturers.
"Toy companies need to lean forward into this and be super transparent with parents," she said. "That's a selling proposition [for marketing] as opposed to making it all about the shiny bells and whistles of the product."
CogniToys, a three-year-old brand, tackled the issue head-on with a blog post in the recent holiday season. In the post, company executives sought to reassure consumers concerned about privacy around Cogni's core product Dino, a speech-enabled smart dinosaur that converses with kids, by spelling out exactly how the device functions. Each Dino is individually encrypted, separate from the rest, which helps shield it from hackers. The security helps justify its relatively stiff $99 pricetag.
"We wanted to get ahead of the questions, because inevitably a bunch of questions come with this," said JP Benini, who co-founded Cogni parent company Elemental Path. "We wanted to state our policy and say this is what we've done to ensure and build it out."
The action was well-received by both customers and the tech community. The company, which generated around $2 million in sales last year, will continue to work with security researchers to protect its products. But not all brands are proactive.
"Most of these toys aren't toys -- they're consumer electronics that have more in common with a Canary camera or Rumba than a classic consumer toy," said Benini. "As soon as you give an address, you're inviting anyone out there to poke and prod and mess with it."