Ring, the Amazon-owned security camera company, has been caught in another privacy mishap. A report published by Electronic Frontier Foundation (EFF) earlier today, suggests Ring’s Android app sends a ton of personally identifiable information (PII) to third-party trackers without explicit user consent.
The report suggests the app (version 3.21.1) sends data to four trackers including Facebook’s graph API, a ‘deep linking’ platform called Branch, and analytics firms like AppsFlyer and Mixpanel through encrypted HTTPS standard. The information sent to these trackers includes names, unique device IDs, language preferences, time zones, devices’ IP addresses, and certain user actions, such as when someone interacts with the ‘Neighbors’ section of the app.
A Ring spokesperson told TNW in an email statement that the company has third-party providers evaluate how its app is used, in order to improve the experience for customers:
Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing. Ring ensures that service providers’ use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes.
While sending data to third-party services may seem normal, EFF’s report points out that “the danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device.”
Moreover, while Ring says it restricts these companies’ use of your data, the EFF is concerned that those companies aren’t accountable to Ring. Plus, if you bought a camera from Ring, you don’t really want it sending data about you and your habits to multiple other companies, period.
Last December, an investigation found that Ring’s hardware didn’t have basic safeguards against someone gaining unauthorized access and snooping on you. A report published by Mozilla in September also highlighted holes in the company’s weak privacy measures.
Published January 28, 2020 — 06:22 UTC