In an era where the convenience of smart home technology often eclipses privacy concerns, a recent study by Surfshark’s research hub has shed light on a troubling trend: 1 in 10 smart home apps are designed to track users. Amazon’s Alexa, a household name in smart devices, leads the pack in data collection, raising significant privacy concerns.

Rapid Growth, Rising Concerns

The smart home market has been continuously rising for nearly a decade. Statista projects an increase from 424.5 million users worldwide to a staggering 785.16 million by 2028. However, as homes become more brilliant, whether they remain private looms more significant than ever. The “Smart Home Privacy Checker” study reveals that tech giants like Amazon and Google are at the forefront of this data collection trend, embedding user tracking into their smart home device apps used by millions.

The Extent of Data Collection

According to the study, Amazon’s Alexa app is the most data-hungry, collecting 28 of 32 possible data points. This includes precise location, contact information (email and phone number), and health-related data. While Alexa does not explicitly collect browsing history, it captures search history, offering a comprehensive profile of user activities and preferences.

Google’s smart home apps are not far behind, gathering 22 of the 32 possible data points. These include address, precise location, photos or videos, audio data, and browsing history. The depth of data collected by these devices poses significant risks, from targeted advertising to potential misuse if the data falls into the wrong hands.

Privacy vs. Convenience: A Delicate Balance

Goda Sukackaite, Privacy Counsel at Surfshark, emphasizes the broader implications of this trend. “In an era where convenience frequently takes precedence over privacy concerns, our latest research has uncovered a troubling trend in smart home device apps, notably from tech giants like Amazon and Google. It is important to understand that this issue extends beyond just data collection; it encroaches upon the intimate aspects of users’ lives, which, if mismanaged, could lead to data theft, security breaches, and the unsanctioned dissemination of personal information to third parties. Users must be made aware and given the means to reclaim their digital privacy,” she states.

Paying Twice: The Hidden Cost of Data

Consumers often unknowingly pay twice for their smart devices: once with their wallets and again with their data. The collected data is used to display targeted ads or shared with third parties and data brokers for various purposes, including targeted advertising and market research. As a result, personal data is monetized, and users’ privacy is compromised.

Darius Belejevas, a cybersecurity and privacy expert from Incogni, underscores this concern. “Consumers should consider how much personal information they will need to give up before they buy such a device, especially when personal data is shared with third parties. As this study showed, one in ten smart home apps utilize data for user tracking. This implies that users’ data is not only linked to an individual’s identity but is also shared with data brokers or third parties to create targeted advertising campaigns. Potential risks of tracking include the loss of control over personal information when the data is in the hands of multiple entities, as well as a heightened risk of potential security breaches with personal information spread across various third parties and a surge in unwanted targeted ads or emails, among many others,” he notes.

Security Cameras: A Closer Look

Among smart home devices, outdoor security cameras collect the most user data, averaging 12 data points per device, 50% more than other smart home devices. These cameras link 7 of those data points directly to user identities. The Deep Sentinel and Lorex apps significantly contribute to this high data collection rate.

Transparency and Compliance Issues

The study also highlighted that 12 out of the 290 analyzed applications had not updated their data collection practices for at least a year, raising concerns about transparency and compliance with privacy laws. App developers must maintain clear and current privacy policies to remain trustworthy. Of the twelve apps examined, MekaMon and Cozmo, designed to control children’s toys, can collect sensitive information, including precise location, photos or videos, and audio recordings.

Steps to Safeguard Privacy

To counteract these privacy concerns, individuals should actively seek out and utilize privacy settings, question and manage app permissions, and stay informed about the data security policies of the smart home devices they choose to integrate into their lives. Users can reclaim control over their digital privacy in an increasingly connected world by taking these steps.

Methodology

The Smart Homes Privacy Checker scrutinized 290 applications connected to over 400 Internet of Things (IoT) smart home devices, selecting apps corresponding to 64 device types highlighted for their popularity in online articles about IoT device searches. Surfshark Research Hub analyzed the data from the apps’ listings on the Apple App Store, examining 32 potential data points across 12 categories, emphasizing user uniqueness, tracking, and linkage. The most invasive apps were then ranked considering the number of unique data points collected, the scope of tracking-related data points, and the amount of data linked to users. For more information, visit Surfshark Research Hub.

Written by: Jill Walsh

==================================