The Electronic Frontier Foundation (EFF), a US-based digital rights group, has found that the Amazon-owned Ring Doorbell app is “packed” with third-party tracking, sending customers an abundance of personally identifiable information.
An investigation of the Ring Doorbell app for Android found that four major analytics and marketing companies – including Facebook and Google – were receiving information such as names, personal IP addresses, mobile network carriers, continuous identifiers and sensor data on devices. Pay customers.
“The ring not only mismanages consumer data, but also intentionally transfers it to those data trackers and data miners,” the EFF said in a release late Tuesday.
“Ring claims to protect the privacy and confidentiality of its customers, yet we have repeatedly found that these claims not only fall short, but also harm customers and community members involved in Ring’s surveillance system,” the nonprofit group said.
In a statement to Gizmodo, the Amazon-owned home security and smart home company said it had limited the amount of data it shared.
“Like many companies, Ring uses third-party service providers to evaluate our mobile app usage, which helps us improve our features, optimize the customer experience and evaluate our marketing effectiveness,” the company said.
In November 2019, BitDefender security researchers found that after it unveiled the credentials of the Wi-Fi network, Amazon created a security patch for its ring video doorbell pro, thus allowing intruders to block them and compromise with the family network.
BitDefender’s security researchers say Amazon-owned Doorbell is sending owners’ Wi-Fi passwords in clear text because Dorbel joins the local network, thus allowing nearby hackers to gain access to the network to block the Wi-Fi password and launch major attacks. Or conduct surveillance.
The EFF said the ring displayed a pattern of behavior that sought to reduce the exposure to criticism and screening while benefiting from the wide array of customer data available to them.
“Our tests, using Ring for Android version 3.21.1, have been distributed on PII (Personally Identifiable Information) branches.io, mixpanel.com, appsflyer.com and facebook.com. The ring also contains information on Google’s proprietary crash logging services. The exact amount of data to be shared with this service has not yet been determined, “the group said.
The group has in the past warned of mismanagement of user information which has led to data breaches.
“It goes one step further, providing only sensitive data to third parties that are not accountable to the ring or bound by trust in the customer-seller relationship,” it added.
Amazon bought the ring in 2018 which sells home security cameras as well as doorbells.
In December last year, the parents of an eight-year-old girl in the United States were shocked when a hacker accessed and abused a ring video camera installed in their daughter’s home.
In the video, the hacker is heard abusing the eight-year-old child several times because he did not understand where the voice was coming from.