Introduction
A Dutch children’s smart watch in our comparison test is the Belio children’s watch from the manufacturer of the same name. During the test, it turned out that this watch and the HellOO Watch, about which we have already published a test, are the same device. In the following, we will discuss the differences in detail.
Checking the App
Belio uses the same Chinese app as HellOO. It is not obfuscated, making it easier for potential attackers to reverse-engineering the app’s functionality.
The behavior regarding the storage and logging of access data also applies here. However, since developer or root authorizations are required for this access, this is not considered negative.
Online communication
In contrast to the HellOO Watch, a large part of the Internet communication of the Belio children’s watch is TLS1.2-encrypted and thus protected against simple man-in-the-middle attacks. The addressed servers and the communication process are identical, but Belio uses a self-signed certificate and secures the communication.
Improvable Privacy
In contrast to HellOO, Belio has a privacy policy that also covers the use of the watch and app. It is only available in English and leaves several points unanswered. In addition, it is not accessible on the manufacturer’s website or from the app, but only via the link in the Google Play Store.
Information regarding anonymization and storage time is missing, furthermore contact data for privacy related questions should be added.
The Belio app requires identical permissions as the HellOO app. Since the privacy policy does not deal with this, there is the possibility of an excessive data collection. This point should also be improved.
Conclusion
The Belio children’s watch communicates with Chinese servers, but via TLS1.2-encrypted channels. The logging of access data in the app as well as the improvable privacy policy including many app permissions lead to one point deduction and thus to a rating of 2 out of 3 stars in our comparison test.