As smart homes become ubiquitous, smart home brands will need to be more judicious with data privacy and cyber protections. Despite end-to-end encryption and two-factor authentication, user concerns remain steadfast.

Smart home privacy concerns

Smart home brands are under continuous pressure to increase the integrity of platforms and devices, but protecting systems from botnet attacks, ransomware, and unlawful viewing of camera feeds is only part of the ongoing challenges smart home brands face today. Mobile app privacy is equally important because of the ongoing data mining practices unleashed by the world’s largest companies. To this end, Apple has unveiled new features in its App Store that require information to be submitted for all new apps and app updates.

App privacy details

According to Apple, 1 the App Store now helps users better understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect and whether that data is linked to them or used to track them. Users will need to provide information about their app’s privacy practices, including the practices of third-party partners whose code users integrate into their app, in App Store Connect. This information is required to submit new apps and app updates to the App Store. 

Smart home approach

To combat cyber threats, most brands have enabled features like two-factor authentication (2FA) or have relied on larger organizations, like Facebook, as a login method to reduce the data collection and liability by the primary app. Dashboards have also been created that show the user when and by whom the app was last accessed and most recently, Ring announced end-to-end encryption for its video products, which adds an extra layer of protection.

Other smart home brands are protecting customers by focusing on edge-based processes, SD cards, and network-attached storage (NAS) storage to reduce cloud reliance to keep consumer data more private. Although standardizing communication protocols, like through Connected Home Over IP (CHIP), will undoubtedly improve the security of smart home systems, this is only part of the effort brands are taking and should take to secure consumers. Omdia expects more emphasis to be placed on edge-based processes and dashboards that provide transparency in how data is used and by whom.

Types of data collected by apps

According to Apple, below is a list of data types and collection practices required by companies participating in the App Store. 2 Google has been excluded from this analysis because the company has yet to submit this information.

 

Contact information

Name

Such as first or last name

Email address

Including but not limited to a hashed email address

Phone number

Including but not limited to a hashed phone number

Physical address

Such as home address, physical address, or mailing address

Other user contact information

Any other information that can be used to contact the user outside the app

Health and fitness

Health

Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, Movement Disorder APIs, or health-related human subject research or any other user provided health or medical data

Fitness

Fitness and exercise data, including but not limited to the Motion and Fitness API

Financial information

Payment information

Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed.

Credit information

Such as credit score

Other financial information

Such as salary, income, assets, debts, or any other financial information

Location

Precise location

Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places

Coarse location

Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services

Sensitive information

Sensitive information

Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data

Contacts

Contacts

Such as a list of contacts in the user’s phone, address book, or social graph

User content

Emails or text messages

Including subject line, sender, recipients, and contents of the email or message

Photos or videos

The user’s photos or videos

Audio data

The user’s voice or sound recordings

Gameplay content

Such as user-generated content in-game

Customer support

Data generated by the user during a customer support request

Other user content

Any other user-generated content

Browsing history

Browsing history

Information about content the user has viewed that is not part of the app, such as websites

Search history

Search history

Information about searches performed in the app

Identifiers

User ID

Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a user or account

Device ID

Such as the device’s advertising identifier or other device-level ID

Purchases

Purchase history

An account’s or individual’s purchases or purchase tendencies

Usage data

Product interaction

Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app

Advertising data

Such as information about the advertisements the user has seen

Other usage data

Any other data about user activity in the app

Diagnostics

Crash data

Such as crash logs

Performance data

Such as launch time, hang rate, or energy use

Other diagnostic data

Any other data collected for the purposes of measuring technical diagnostics related to the app

Other data

Other data types

Any other data types not mentioned

Source: Apple

Smart home app scores

The chart below provides a weighted score for some of the top smart home brands. A lower score suggests a more private app that collects fewer data. A higher score represents brands that collect more data on users.

According to table 1, the Hive smart home app was the most private, followed by Wyze and LIFX; Arlo, Ring, and Alexa were the least private.

 

Table 1: Smart home apps - Privacy ratings

Brand

Weighted app privacy score

Centrica Hive

0.08

Wyze

0.09

LIFX

0.15

Philips Hue

0.16

Swann

0.17

Chamberlain

0.17

SmartThings

0.21

Ecobee

0.21

Arlo

0.25

Ring

0.47

Alexa

0.77

Source: Omdia

Appendix

Further reading

1 The App Store, t.ly/jDLC, retrieved January 14, 2021.

2 Types of data collected by apps, t.ly/jDLC, retrieved January 14, 2021.

Author

Blake Kozak, Senior Principal Analyst, Consumer Devices

askananalyst@omdia.com