1 in 10 smart home apps use data for user tracking
The smart home market has experienced a continuous uptrend over nearly a decade, with an expected increase of 424.5 million users worldwide to a record high of 785.16 million by 2028, according to Statista.
However, privacy is often overlooked when users focus on the convenience of home automation. Is the home still the most private place for us? A recent study, “Smart Home Privacy Checker” by Surfshark’s research hub, revealed that 1 in 10 smart home apps collects data for the purpose of user tracking, while Amazon and Google have developed the most data-hungry smart home device apps, used by millions daily.
“In an era where convenience frequently takes precedence over privacy concerns, our latest research has uncovered a troubling trend in smart home device apps, notably from tech giants like Amazon and Google. It is important to understand that this issue extends beyond just data collection; it encroaches upon the intimate aspects of users’ lives, which, if mismanaged, could lead to data theft, security breaches, and the unsanctioned, uncontrolled dissemination of personal information to third parties,” states Goda Sukackaite, Privacy Counsel at Surfshark.
“To counteract this, individuals should actively seek out and utilize privacy settings, question and manage app permissions, and stay informed about the data security policies of the smart home devices they choose to integrate into their lives.”
Amazon’s Alexa app collects most data
According to a new study, Amazon’s Alexa collects the most data – 28 out of 32 possible data points. That’s more than three times the average for a smart home device. Moreover, all collected data is linked; each piece of data is associated with an individual user profile. This data includes precise location, contact information (email, phone number), and health-related data.
The four data points Alexa does not collect can be inferred from other data. For instance, while Alexa does not record browsing history, it does capture search history. It may not collect fitness data, but it does gather health data and other sensitive information correlated to it.
Google gathers slightly less than Amazon, collecting 22 of 32 possible data points. That’s still nearly three times the amount typically collected by other smart home devices. Like Amazon, Google links all the collected data to the user. Some of the most notable data points collected include address, precise location, photos or videos, audio data, browsing, and search history. The extensive collection of such data can be concerning because it may compromise user privacy and potentially be exploited for targeted advertising, surveillance, or even malicious purposes if it falls into the wrong hands.
You pay twice: first for device and later with data
After apps gather data, they may track you to display targeted ads or share your information with third parties and data brokers. In such instances, you effectively pay twice for those Internet of Things (IoT) apps: initially for the device and subsequently with your data, which might be monetized. Smart device apps typically monitor users through their device ID, email address, and product interactions. Roughly one-third of the apps that collect data focus on these specific points. Some applications go further, even tracking the user’s precise location. Examples include Canary-Smart Home Security, Kenmore Smart, and NuWave Connect.
Compared to other smart home devices, outdoor security cameras are among those that collect the most user data. On average, they gather 12 data points, 50% more than the average for other smart home devices. Furthermore, they link 7 of those 12 points to the user’s identity. The Deep Sentinel and Lorex apps are the reasons why security cameras rank so high on the data collection list.
Furthermore, 12 of 290 analysed applications have not updated their data collection practices for at least a year, raising concerns about transparency and compliance with privacy laws. App developers must maintain clear and current privacy policies to remain trustworthy. Of the twelve apps examined, MekaMon and Cozmo are designed to control children’s toys and have the capability to collect sensitive information, including precise location, photos or videos, and audio recordings.