Smartwatch for children (RAPEX)
The mobile application accompanying the watch communicates with its backend server without encryption, and the server allows unauthenticated access to data. As a consequence, data such as location history, phone numbers and the serial number can easily be retrieved and changed.
A malicious user can send commands to any watch, making it call another number of his choosing, and can communicate with the child wearing the device or locate the child through GPS.
The product does not comply with the Radio Equipment Directive.
Measures ordered by public authorities (to: Distributor): Recall of the product from end users
Description: Smartwatch for children in a cardboard box 12x15x8cm. The product was sold online.