Amazon Ring’s Android app has been found to allow third-party trackers access to your data like your name, IP address, mobile network carrier, and more.
The Electronic Frontier Foundation (EFF) published a report on Monday, January 27, about an investigation into Ring’s Android app. The investigation found analytics and marketing companies not mentioned in Ring’s privacy notice have access to your data directly through the Ring app.
Companies that are mentioned in the report include Branch, AppsFlyer, Mixpanel, and Facebook.
“The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,” writes Bill Budington, a senior staff technologist at EFF. “This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it.”
In the worst case, Mixpanel is able to collect full names, email addresses, and the number of locations a user has Ring devices installed in.
Ring lists the names of the third-party services that have access to your data, which you agree to when you download the app. However, EFF points out that, of the companies identified in its investigation, Mixpanel is the only one mentioned in Ring’s privacy notice.
Ring says it also collects data from Google Analytics, HotJar, and Optimizely. Although you can choose to opt out of the data analytics platforms listed in Ring’s privacy notice, it’s not known how to opt out of the other three companies mentioned in EFF’s report.
Budington told Digital Trends that EFF let Ring know about their investigation on Friday, January 24. He recommends people install the Disconnect VPN on their phone, which blocks trackers.
Experts say that when EFF does an investigation or warns about something, it’s important to pay attention to it.
“When the EFF gets involved it’s serious. They have very skilled researchers that act on facts, not fiction. I’m a big supporter of EFF, always have been,” said Gregory Hanis, the chief technology officer at Viperline Solutions, a security and data protection company. “They don’t normally get involved in something unless it’s causing real harm.”
Hanis said it’s essential to read all policies before you agree to them so you know what you’re really getting into.
“Honestly, you gotta read the Android OS policy that you agreed to, along with the store policy, and vendor of the app policy. All three apply when using an Android app. It gets really confusing on who can do what with your data. This is where the UK’s [General Data Protection Regulation] regulations are good at helping solve this,” he said. “The USA doesn’t have one such policy yet. EFF is in a good position to help push that rock up Capitol Hill.”
Ring’s various security issues have been a concern for many of its customers. The company’s slew of recent privacy issues range from device hacks to data leaks, and even a case of its own employees trying to access Ring Doorbell videos.
“Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system,” EFF said in its report.
Budington also told Digital Trends that EFF has told Ring about their concerns with the company’s various privacy implications over the last few months and that their concerns have always been dismissed.
A Ring spokesperson told Digital Trends that their privacy notice states any possible reason a third party may use your personal information.
“Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing. Ring ensures that service providers’ use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes,” the spokesperson said.