A new report from the Electronic Frontier Foundation once again has Amazon’s Ring in the hot seat regarding the privacy and security of its fleet of home monitoring devices. According to the nonprofit industry watchdog, the Ring app on Android is “packed with third-party trackers sending out a plethora of customers’ personally identifiable information.”
In its study, EFF found four main analytics and marketing companies—Branch, Mixpanel, AppsFlyer, and Facebook—to be on the receiving end of Ring’s data, which includes such information as screen resolution, names and email addresses. EFF notes that all of the data they monitored was sent using encrypted HTTPS and “was delivered in a way that eludes analysis.”
The organization used a Ring Video Doorbell and a Nexus 5X running Android Oreo to conduct its testing. The app has since been updated from version 3.21.1 to 3.22.1, but it’s unclear whether the activity of the trackers was changed.
In a statement to TechHive, a Ring spokesperson admitted to the use of the trackers but downplayed the risk.
“Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing,” the spokesperson said. “Ring ensures that service providers’ use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes.”
Ring’s Privacy Notice uses the catch-all “with your consent” when discussing when personal information is shared, but also notes that, “We do not authorize our service providers to use or disclose your personal information except as necessary to perform services on our behalf or comply with legal requirements.” EFF found no evidence that the collected data is being used for any nefarious or illicit purposes.
At the very least, Ring’s list of third-party analytics services appears to be out of date. Last updated in May 2018, it only lists four platforms, only one of which (Mixpanel) was identified by EFF’s report. Mixpanel lists Expedia, Uber, Twitter, and Ancestry among its 26,000-plus clients, and is used by the Ring app to highlight new features as they are made available. Ring does allow users to opt out of data collection from the services listed, but it’s not very user-friendly.
Hopefully, that will change with the imminent launch of a new Control Center dashboard, which will allow users to control their privacy and security settings from within the Ring app, and offer transparency as to how Ring keeps its data private and secure, including third-party services. At its CES announcement, Ring said the new Control Center will arrive in January.