Daily Maverick
Dailymaverick logo

Business Maverick

Business Maverick, South Africa, World

Got a feeling somebody’s spying on you? Smart homes are data collection hubs

Got a feeling somebody’s spying on you? Smart homes are data collection hubs
Georgina Crouth
By Georgina Crouth
25 Jul 2024
Facebook
1
Consumers may unknowingly be paying a hidden price for convenience — their personal data.

Smart home devices are so “smart” that they help you to control lights, thermostats and appliances remotely through your smartphone or voice commands. They can help improve energy efficiency through optimised control of heating, cooling and lighting – with substantial cost savings – and enhance security with smart locks, cameras and sensors. 

Through tailored comfort settings, customers can control their living environment by setting up conveniences for tasks like waking, going to bed or leaving home, by adjusting lighting, temperature and entertainment according to their preferences. 

Home automation sounds like a modern dream but a new report has found that a tenth of smart home apps are collecting data for the express purpose of user tracking. 

In short, you’re being tracked and your information is being collected and even sold to third parties who will try to sell you stuff.

Surfshark, a Dutch cybersecurity company, now warns that Amazon and Google — the dominant players in the segment — have developed the most data-hungry and aggressive smart home device apps and says consumers should be far more cautious about private information they inadvertently share with these companies. 



Even if your home is not quite kitted out like a Bat Cave fit for Bruce Wayne, many consumers are already linked up to virtual assistants like Google Assistant, Apple’s Siri and Amazon’s Alexa, which are transforming home appliances and security systems. 

While smart assistants and other devices offer convenience, there’s growing concern about data privacy as many of these apps collect extensive user data which can be used for targeted advertising or shared with third parties.

Consumers are essentially paying twice, Surfshark says: once for the device and again with their personal information.

Some apps are particularly data-hungry, collecting detailed information about users, including their personal details, device interactions and even crash reports.

The company’s recently released Smart Homes Privacy Checker analysed 290 apps associated with more than 400 popular Internet of Things devices, by focusing on 64 device types. 

Researchers looked at 32 data points across 12 categories on the Apple App Store, assessing app behaviour regarding user data collection, tracking and linkage. The most intrusive apps were ranked based on the quantity of unique data collected, the extent of tracking activities and the level of data linkage to individual users.

Amazon’s Alexa was found to be a data collection powerhouse, amassing 28 out of 32 possible data points, which is more than three times the average smart home device. Every piece of collected data is linked to individual user profiles, which encompasses sensitive information like precise location, contact details and health data. While Alexa doesn’t directly collect browsing history, it gathers similar data through search history.

Google, although slightly less aggressive, still collects nearly triple the average, with 22 out of 32 data points, including a wide range of information, from address and location to photos, audio and browsing history. 

All data is linked to individual users.

The Keurig coffee machine app collects 19 out of 32 data points — more than double the average — tracking users across third-party networks using data like email, browsing and search history. It is likely to be linking this extensive data collection to the app’s online shopping feature.

Outdoor security camera apps are notorious data collectors, gathering on average 50% more data than other smart home devices, with 12 data points collected per app. 

Alarmingly, seven of these data points are linked directly to the user’s identity.

Why worry? Surfshark says smart home apps are often data collection hubs and that these apps frequently harvest extensive personal information, from basic details like name and contact information to more sensitive data such as emails, text messages and even browsing history.

Beyond data collection, these apps may track user behaviour to deliver targeted ads or share information with third-party data brokers, which can then be used for targeted advertising, credit assessments and market research. 

Alarmingly, 12 apps have not provided details of their collection practices for at least a year, including two toys — Cozmo and MekaMon, which both produce toy robots.

Goda Sukackaite, privacy counsel at Surfshark, says in an era where convenience frequently takes precedence over privacy concerns, their research has uncovered a troubling trend in smart home device apps. 

“It is important to understand that this issue extends beyond just data collection; it encroaches upon the intimate aspects of users’ lives, which, if mismanaged, could lead to data theft, security breaches, and the unsanctioned, uncontrolled dissemination of personal information to third parties. Users must be made aware and given the means to reclaim their digital privacy.”

How to protect yourself


Surfshark says to safeguard your personal information, robust security measures need to be implemented, which should begin with the creation of strong, unique passwords for each device and app, and regular updates of operating systems and applications to address security vulnerabilities.

Scrutinise and limit app permissions: Carefully evaluate the permissions requested by each app and deny those that seem unnecessary.

Prioritise network security by using a strong, unique Wi-Fi password, enabling encryption protocols, and creating separate guest networks. Keep your router updated and consider using a VPN for added protection.

Limit data sharing by carefully reviewing app permissions and deleting unused applications. Be mindful of the information you share online.

General online safety practices are crucial. Enable two-factor authentication, be wary of phishing attempts, and regularly monitor your financial accounts for suspicious activity.

By adopting these measures, you can significantly reduce the risk of your personal information falling into the wrong hands.

Rob Koen, managing director of Amazon Sub-Saharan Africa, told Daily Maverick that they design their products to protect customers’ privacy and to provide them with transparency and control over their experience. “For example, we design Alexa and Echo devices with multiple layers of privacy protection, from microphone and camera controls to the ability to review and manage voice recordings and smart home device history. 

“We never sell our customers’ personal data, and we never stop working to keep their information safe. We use data responsibly to deliver products that our customers love.”

A Google spokesperson said the company “heartily agrees” with Sukackaite’s advice to seek out and utilise privacy settings, and actively manage app permissions and question those that seem excessive.

“We agree that our homes are special places and users should seek out and utilise privacy settings, while actively managing their app permissions. You want to trust the things you bring into your home. We are committed to earning that trust with devices and services designed to help create a home that takes care of the people inside it and the world around it. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.” 

They said in the case where Google connected home devices include cameras, microphones, or environmental or activity sensors that detect information about your home environment, they will list these hardware features in the device’s technical specifications — whether or not they’re enabled.

In addition, they help keep customers’ Google accounts secure with tools and automatic protection in three ways: 

  1. Suspicious activity detection sends you notifications whenever we detect unusual or potentially dangerous activity, such as suspicious sign-ins to your account.

  2. Security Checkup helps you secure your account and manage your online security through personalised guidance.

  3. 2-step verifications strengthens your account security, by adding a second verification step when you sign in, like a prompt from a trusted device or the use of a physical security key.


Personal data has become a valuable commodity. Third-party advertisers and data brokers capitalise on this information to build their businesses. As we increasingly rely on digital platforms for essential services, safeguarding our data is paramount. 

The smart home market has been growing steadily for almost a decade. The number of smart homes is projected to surge by 117.69% between 2023 and 2028, reaching a peak of 785.16 million users, according to data from Statista. This represents a consistent upward trend over the past nine years, with an anticipated addition of 424.5 million new smart homes during this period.

While there’s been significant growth in smart home technology adoption globally, the South African market is still in relatively early stages compared with more developed countries.

The Asia-Pacific region is poised for the most rapid growth in the smart home market, with a projected compound annual growth rate of 32.21% between 2023 and 2030, says US market research technology firm, Grand View Research.

This expansion is fuelled by rising disposable incomes and an improved standard of living. Widespread smartphone and internet penetration, coupled with the increasing adoption of AI-powered digital assistants, is driving market demand in the region. DM

Categories:

Tags: