[Update: Official Statement]Amazon’s Ring Doorbell App Sends Data to Third-Parties: Report
Security and privacy continues to be a nightmare with IoT devices, especially smart displays and connected cameras that have often been accused of spying on users. Amazon’s Ring security cameras have also been in the news for allegedly allowing users to spy on their neighbors, and latest reports now suggest that the company’s doorbell security app may also pose a massive privacy threat to users.
According to an investigation by the non-profit digital advocacy group, Electronic Frontier Foundation (EFF), the official Ring app for Android (version 3.21.1) comes with a number of third-party trackers that collect and transmit personally identifiable information of customers to at least four analytics and marketing companies, including Facebook’s graph API, a ‘deep linking’ platform called Branch and analytics firms AppsFlyer and Mixpanel. The information is said to include names, private IP addresses, mobile network carriers, persistent identifiers and sensor data on the devices.
In an official blog post on Monday, the organization said: “Ring has exhibited a pattern of behavior that attempts to mitigate exposure to criticism and scrutiny while benefiting from the wide array of customer data available to them”. According to the report, “not only does Ring mismanage consumer data, but it also intentionally hands over that data to trackers and data miners”.
It’s worth noting that Ring, as a company, have been in the news for all the wrong reasons on a number of occasions over the past couple of years. A report from The Intercept last year revealed that the company’s connected security cameras seriously compromised user-privacy by allowing some Amazon employees with “highly privileged access” to watch video recordings as well as live footage using only the email address associated with the account.
As for the latest developments, Amazon is yet to comment on EFF’s investigation, so it will be interesting to see how the company will defend against these new allegations of privacy breach against its controversial IoT division. You can read all the technical details posted by EFF on its official website.