As smart homes become ubiquitous, smart home brands will need to be more judicious with data privacy and cyber protections. Despite end-to-end encryption and two-factor authentication, user concerns remain steadfast.
Smart home privacy concerns
Smart home brands are under continuous pressure to increase the integrity of platforms and devices, but protecting systems from botnet attacks, ransomware, and unlawful viewing of camera feeds is only part of the ongoing challenges smart home brands face today. Mobile app privacy is equally important because of the ongoing data mining practices unleashed by the world’s largest companies. To this end, Apple has unveiled new features in its App Store that require information to be submitted for all new apps and app updates.
App privacy details
According to Apple, 1 the App Store now helps users better understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect and whether that data is linked to them or used to track them. Users will need to provide information about their app’s privacy practices, including the practices of third-party partners whose code users integrate into their app, in App Store Connect. This information is required to submit new apps and app updates to the App Store.
Smart home approach
To combat cyber threats, most brands have enabled features like two-factor authentication (2FA) or have relied on larger organizations, like Facebook, as a login method to reduce the data collection and liability by the primary app. Dashboards have also been created that show the user when and by whom the app was last accessed and most recently, Ring announced end-to-end encryption for its video products, which adds an extra layer of protection.
Other smart home brands are protecting customers by focusing on edge-based processes, SD cards, and network-attached storage (NAS) storage to reduce cloud reliance to keep consumer data more private. Although standardizing communication protocols, like through Connected Home Over IP (CHIP), will undoubtedly improve the security of smart home systems, this is only part of the effort brands are taking and should take to secure consumers. Omdia expects more emphasis to be placed on edge-based processes and dashboards that provide transparency in how data is used and by whom.
Types of data collected by apps
According to Apple, below is a list of data types and collection practices required by companies participating in the App Store. 2 Google has been excluded from this analysis because the company has yet to submit this information.
|
Contact information |
|
|
Name |
Such as first or last name |
|
Email address |
Including but not limited to a hashed email address |
|
Phone number |
Including but not limited to a hashed phone number |
|
Physical address |
Such as home address, physical address, or mailing address |
|
Other user contact information |
Any other information that can be used to contact the user outside the app |
|
Health and fitness |
|
|
Health |
Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, Movement Disorder APIs, or health-related human subject research or any other user provided health or medical data |
|
Fitness |
Fitness and exercise data, including but not limited to the Motion and Fitness API |
|
Financial information |
|
|
Payment information |
Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed. |
|
Credit information |
Such as credit score |
|
Other financial information |
Such as salary, income, assets, debts, or any other financial information |
|
Location |
|
|
Precise location |
Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places |
|
Coarse location |
Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services |
|
Sensitive information |
|
|
Sensitive information |
Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data |
|
Contacts |
|
|
Contacts |
Such as a list of contacts in the user’s phone, address book, or social graph |
|
User content |
|
|
Emails or text messages |
Including subject line, sender, recipients, and contents of the email or message |
|
Photos or videos |
The user’s photos or videos |
|
Audio data |
The user’s voice or sound recordings |
|
Gameplay content |
Such as user-generated content in-game |
|
Customer support |
Data generated by the user during a customer support request |
|
Other user content |
Any other user-generated content |
|
Browsing history |
|
|
Browsing history |
Information about content the user has viewed that is not part of the app, such as websites |
|
Search history |
|
|
Search history |
Information about searches performed in the app |
|
Identifiers |
|
|
User ID |
Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a user or account |
|
Device ID |
Such as the device’s advertising identifier or other device-level ID |
|
Purchases |
|
|
Purchase history |
An account’s or individual’s purchases or purchase tendencies |
|
Usage data |
|
|
Product interaction |
Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app |
|
Advertising data |
Such as information about the advertisements the user has seen |
|
Other usage data |
Any other data about user activity in the app |
|
Diagnostics |
|
|
Crash data |
Such as crash logs |
|
Performance data |
Such as launch time, hang rate, or energy use |
|
Other diagnostic data |
Any other data collected for the purposes of measuring technical diagnostics related to the app |
|
Other data |
|
|
Other data types |
Any other data types not mentioned |
Source: Apple
Smart home app scores
The chart below provides a weighted score for some of the top smart home brands. A lower score suggests a more private app that collects fewer data. A higher score represents brands that collect more data on users.
According to table 1, the Hive smart home app was the most private, followed by Wyze and LIFX; Arlo, Ring, and Alexa were the least private.
Table 1: Smart home apps - Privacy ratings
|
Brand |
Weighted app privacy score |
|
Centrica Hive |
0.08 |
|
Wyze |
0.09 |
|
LIFX |
0.15 |
|
Philips Hue |
0.16 |
|
Swann |
0.17 |
|
Chamberlain |
0.17 |
|
SmartThings |
0.21 |
|
Ecobee |
0.21 |
|
Arlo |
0.25 |
|
Ring |
0.47 |
|
Alexa |
0.77 |
Source: Omdia
Appendix
Further reading
1 The App Store, t.ly/jDLC, retrieved January 14, 2021.
2 Types of data collected by apps, t.ly/jDLC, retrieved January 14, 2021.
Author
Blake Kozak, Senior Principal Analyst, Consumer Devices
This Analyst Opinion is included in: