Study reveals smart home privacy risks, with Amazon Alexa the most hungry for user data
July 16 2024 - 8:30AM
The smart home market has been growing steadily for almost a
decade. According to Statista, the number of smart home device
users is expected to rise from 424.5 million to a record high of
785.16 million by 2028. Smart devices today can be anything — from
pillows to showers and toilets — and many require an app, which in
turn requires our data.
But with showers and mattresses collecting data, is home still
our most private place? Surfshark’s recent study, Smart Home
Privacy Checker, revealed that 1 in 10 smart home apps collect data
for the purpose of user tracking. Amazon and Google have developed
the most data-hungry smart home device apps, which are used by
millions daily.
"In an era where convenience frequently takes precedence over
privacy concerns, our latest research has uncovered a troubling
trend in smart home device apps, notably from tech giants like
Amazon and Google. It is important to understand that this issue
extends beyond just data collection; it encroaches upon the
intimate aspects of users’ lives, which, if mismanaged, could lead
to data theft, security breaches, and the unsanctioned,
uncontrolled dissemination of personal information to third
parties. Users must be made aware and given the means to reclaim
their digital privacy," states Goda Sukackaite, Privacy Counsel
at Surfshark.
Why should we be concerned?
According to Surfshark’s analysis, various smart home apps often
collect large amounts of personal data, including names, contact
info, emails & text messages, and even browsing history. After
gathering data, apps may track you to show targeted ads or share
your information with third parties and data broker companies.
These companies use your personal information for purposes like
targeted advertising, credit risk assessment, or market research.
Thus, you might end up paying twice for using these apps — once for
the device and again with your data.
What can we do to protect our privacy?
Smart devices collect vast amounts of data, yet most consumers
will likely continue using them for convenience. So, how can we
protect our privacy while using them? According to Goda Sukackaite,
if you use smart devices, you should:
- Seek out and utilize privacy
settings;
- Actively manage app permissions
and question those that seem excessive;
- Disable unnecessary microphones
and cameras on smart devices and evaluate if the app asking to use
your microphone or camera really needs it to perform its
function;
- Stay informed about the data
security policies of the smart home devices you choose;
- Check what information is
collected by your smart device apps and choose the ones that are
less invasive of privacy. To check what data is collected by smart
device apps, you can visit Surfshark’s Smart Home Privacy
Checker.
Which apps collect the most data?
According to Surfshark’s study, Amazon's Alexa collects 28 out
of 32 possible data points — over three times more than the average
smart home device. This data is linked to individual user profiles
and includes precise location, contact information (email, phone
number), and health data.
Google gathers a little less than Amazon, collecting 22 out of
32 possible data points. That's still nearly triple the amount
typically collected by other smart home devices. Like Amazon,
Google links all collected data to the user. Some of the most
notable collected data points are address, precise location, photos
or videos, audio data, browsing, and search history.
Outdoor security cameras collect the most user data among smart
home devices, and within this category, the Deep Sentinel and Lorex
apps are the most invasive.
What’s the way forward for smart home devices and data
collection?
Our data is highly valuable, especially to third-party
advertisers, data brokers, and other entities that use it to build
their businesses. As more of our essential details and documents —
such as signatures, passports, and bank accounts — move online,
data protection becomes increasingly more important. Many countries
are already enacting stricter data protection laws, such as the
GDPR in Europe, to address potential privacy issues.
However, stricter laws will not help if we, as users, agree to
share our data without a second thought. We need to be more
vigilant about where and how our data is utilized. This means
reviewing the permissions we grant to our devices and apps,
scrutinizing privacy settings, and considering whether an app or
device actually needs the information it requests. Data protection
starts with our actions and our permissions. Therefore, the best
way to safeguard your personal information in the future is to take
greater responsibility for it personally.
METHODOLOGY
The Smart Homes Privacy Checker scrutinized 290 applications
connected to over 400 Internet of Things (IoF) smart home devices,
selecting apps corresponding to 64 device types highlighted for
their popularity in online articles about IoT device searches.
Surfshark's Research Hub analyzed the data from the apps' listings
on the Apple App Store, examining 32 potential data points across
12 categories, emphasizing user uniqueness, tracking, and linkage.
The most invasive apps were then ranked considering the number of
unique data points collected, the scope of tracking-related data
points, and the amount of data linked to users. For more
information, visit
surfshark.com/research/smart-homes/methodology
NOTES TO EDITORS
Surfshark is a cybersecurity company focused on developing
humanized privacy and security solutions. The Surfshark One suite
includes one of the very few VPNs audited by independent security
experts, an officially certified antivirus, a private search tool,
and a data leak alert system. Surfshark is recognized as the Tech
Advisor’s Editor’s Choice for 2024. For a closer look at Surfshark
in 2023, visit our annual wrap-up. For more research projects,
visit our research hub at: surfshark.com/research