Share

Which? Research has found evidence of the over-surveillance of smart devices – from air fryers that ask for permission to eavesdrop on your conversations and share data with TikTok, to TVs that want to know your exact location.

The consumer association rated the products in four categories and gave them overall privacy scores for factors including consent and data access they want. The researchers found that the data collection often went beyond what was necessary for the functionality of the product – suggesting that the data could, in some cases, be shared with third parties for marketing purposes.

)In the air fryer category, in addition to knowing the exact location of customers, all three products wanted permission to records audio on the user’s phonewithout a specified reason. Xiaomi’s app connected its air fryer to trackers from Facebook, Pangle (TikTok for Business’s ad network) and Chinese tech giant Tencent (based on the user’s location).

The Aigostar air fryer wanted to know gender and date of birth when creating an owner account, again for no clear reason, but this was optional. Both Aigostar and Xiaomi fryers sent users’ personal data to servers in China, although this was flagged in the privacy notice.

The Huawei Ultimate smart watch – as with all tested products – requires privacy agreement to function properly. He asked for nine “risky” phone permissions – the most of all devices tested. Which? defines “risky” as giving invasive access to parts of someone’s phone.

These include the precise location, the ability to record audio, access to stored files or the ability to see all other installed applications. The company said they all have a justifiable need. Huawei also said that no user data is used for marketing or advertising purposes. Which? found some active trackers on the Huawei watch, but Huawei said they are only active in certain regions.

Bestsellers on Amazon, the Kuzil and WeurGhy It turns out that smartwatches are essentially the same product. Both required consent to work – if it’s denied, the product will just work as a watch, without the accompanying smart features. There was none of the legally mandated information about how long smartwatches will support security updates. However, both watches don’t seem to use any trackers.

Smart TV menus they are full of ads and hungry for user data. Hisense and Samsung TVs Which? tested required a zip code at setup – although both brands said customers could use a partial zip code and that this was only used for some content localization features. Samsung claimed that providing a zip code is not mandatory, but which one? found that it seemed binding in his tests.

The The LG set asked for a zip codebut supply was not mandatory. Samsung’s TV app requested eight risky phone permissions, including the ability to see all other apps on the phone, second only to Huawei’s smartwatch. Hisense didn’t connect to any trackers that the researchers could detect, but Samsung and LG did connect to a number of them, including Facebook and Google.

The smart speaker review found that the Bose Home Portable speaker and app have the fewest initial phone permissions of all the products tested, but are packed with trackers including Facebook, Google and digital marketing firm Urbanairship. Bose Loudspeaker also did a poor job of securing customer consent for data tracking.

Instead, Amazon Echo offers useful options to skip various data sharing requests. Consumers need an Amazon or Google account to use the Echo Pop or Nest Mini, respectively. They use trackers that the researchers of Which? they expected to see them, especially their own. However, users cannot selectively opt out, hence their low star rating.

All tested devices wanted to know users’ precise locations.

Research by Which? highlights how manufacturers are currently able to collect excessive data from consumers, often with little transparency about what it will be used for. The ICO is due to publish new guidance for manufacturers of smart products in spring 2025.

However, Which? is concerned that manufacturers based abroad could take advantage of the challenges of ensuring compliance with the guidelines.

Says Harry Rose, Which? magazine editor, said:

“Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers with seemingly reckless abandon, often with little or no transparency.

“Which? asked for appropriate guidelines outlining what is expected of smart product manufacturers and ICO confirmed a code will be introduced in spring 2025 – this must be supported by effective enforcement, including against companies operating abroad.”

Consumer Tips – How to improve your data privacy

You care about what you share: Some data collection is optional during setup, and that means you can opt out (though perhaps with consequences in terms of functionality). Only share what you feel comfortable with.

Check permissions: On iOS and Android, you can review permission requests before downloading an app and check what each app has access to in your settings.

Deny access: Also, in the phone settings, you can deny or limit access to data such as location, contacts and so on. Although, that might stop or limit aspects of the app.

Delete records: Using the Alexa and Google Assistant settings, you can set your voice recordings to be deleted automatically instead of being stored after a period of time.

Read the privacy notice: At least go through the policy, especially the data collection sections. You have the right to object to a company processing your data.

The right to answers

Samsung

“At Samsung, the security and privacy of our customers’ data is of the utmost importance. And we use industry standard security measures and practices to make sure your data is secure. Customers also have the option to view, download or delete any personal data through their Samsung accounts. Customers can find more information about our privacy policies at www.samsung.com/uk/info/privacy.”

Hisense

“Hisense UK values ​​relationships with its customers and respects their data privacy rights. We comply with all UK data privacy laws and only capture our customers’ postcodes to enable them to receive regionally specific content, improving the user experience. If users are concerned, then many of our TVs will support a partial postcode.”

An Amazon spokesperson said:

“We design products to protect our customers’ privacy and security and put them in control of their experience. For example, we build easy-to-use controls for our customers—these include physical buttons or shutters, simple in-app controls, and prompts within the device setup experience—and we’ve created resources that explain how our devices and services work and the options available to customers. “

Google

“The privacy of our customers is very important to us, and Google fully complies with applicable privacy laws and provides transparency to our users about the data we collect and how we use it. For those times when users want additional privacy controls enabled Google Nest smart speakers and displays, users can use Google Assistant in guest mode. In guest mode, Google Assistant will not tell or show personal results, personal contacts, and automatically delete audio recordings and Google Assistant activity. “

Huawei

“Huawei takes consumer privacy incredibly seriously. Clearly, to be useful lifestyle and health/fitness partners, smartwatches require permissions to access a range of personal data; we are very clear about the devices both at setup and in the accompanying app Huawei Health, which permissions are needed and why, and users have full control over turning them on or off at any time.”

In a long statement Xiaomi said that “respecting user privacy has always been among Xiaomi’s core values, which include transparency, accountability, user control, security and legal compliance.” It said it adheres to all UK data protection laws and “we do not sell any personal information to third parties”, and certain features are only active in selected global markets, such as Tencent’s services only used in China. “Permission to record audio on Xiaomi Home app does not apply Xiaomi Smart Air fryer which does not work directly through voice commands and video chat,” he added.

hook

“We prioritize privacy and, subject to our internal compliance requirements, smart products must comply with the GDPR. However, without specific test reports from your company or testing laboratory, we cannot comment further.”

LG declined to comment. Aigostar and Bose did not respond. WeurGhy and Kuzil werhe is uncontactable.

November 5, 2024Chris Price

For the latest technology stories, go to TechDigest.tv