Embattled Amazon Ring ‘Gives Facebook & Google user data’: Investigation
Amazon owned Ring security doorbells have been found to be providing customer data to companies such as Facebook and Google, according to an investigation.
The Electronic Frontier Foundation (EFF) found the Ring app was ‘packed’ with third-party tracking that sends out customers’ personally identifiable information – including names, IP addresses and mobile networks.
A total of five companies received this information, the investigation said.
But Ring claimed it limited the amount of personal data it released.
‘Like many companies, Ring uses third-party service provides to evaluate the use of our mobile app, which helps us improve features, optimise the customer experience and evaluate the effectiveness of our marketing,’ the company told Gizmodo.
‘The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,’ the EFF said.
‘This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a users is doing in their digital lives and when they re doing it.’
The five companies that were identified in the investigation as receiving Ring users’ personal data were:
Facebook, via its Graph API, who received user’s time zone, device model, unique identifier and screen resolution.
Google-owned Crashalytics, which received an amount of customer data ‘yet to be determined.’
Branch, a company that describes itself as a deep-linking platform, received unique identifiers, device model, screen resolution and user’s IP addresses.
Mixpanel, who received the most information, including users’ full names, app settings, device information and email addresses.
AppsFlyer, a big data company, received sensor data related to the magnetometer, gyroscope and accelerometer on users’ phones.
Out of these five companies, Mixpanel is the only one mentioned in Ring’s privacy notice, alongside Google Analytics, HotJar and Optimizely.
EFF’s investigation tested Ring for Android, version 3.21.1.
Amazon purchased Ring in 2018 and now sells a range of home security cameras, including doorbells. They have been heavily criticised for partnering with up to 200 law enforcement agencies to carry out surveillance through its devices.
But digital rights campaign group, Fight for the Future, said that Amazon was instead encouraging neighbours to spy on each other.
But last year, Ring saw a series of bad press after multiple Ring cameras were hacked.
One Alabama-based man, who says his children were spoken to by a hacker through his Ring camera, is now leading a group legal action against Amazon over the security of its products.
Ring has previously blamed the hackings on customers not changing their passwords.