The data associated with users out in the wild is important to companies, and they’ll pay a lot of money to get it.
And unfortunately a lot of apps, services, and products are more than willing to collect that data to sell it off. We recently heard about the antivirus software Avast, for instance, which was discovered to be tracking users and then selling off data to third-parties. And now a new report indicates that the Amazon-owned Ring doorbell app is doing the same thing.
The report was published by the Electronic Frontier Foundation this week, and it details how the Ring app for Android is packed with third-party trackers. That data is then being sent off to up to four different companies. That includes MixPanel and AppsFlyer. Google and Facebook are also named as recipients of the collected data.
The data that’s being collected ranges, but some of the worst elements include the Ring owner’s personal IP address and even their names.
AppsFlyer, for instance, for some reason receives information related to the device’s gyroscope and magnetometer, along with an additional mix of general data from the Ring Android app. Facebook is alerted every time a Ring owner opens the app in general, and when they perform actions within the app.
Meanwhile, the data analytics firm MixPanel, gets not only the Ring owner’s name, but also the device data where the app is installed, app settings, and email address. Crashalytics is owned by Google, and information is sent to that company, too, but the EFF was not able to determine just how much data, or what type, is being sent.
The EFF warns that even small amounts of data pertaining to a person is enough to build something much bigger, basically leading to an individual “fingerprint” of the user:
The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it. All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done. Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills.
It’s worth noting here that the investigation was related to the Android app, and not the Ring app for iOS. While Apple has policies in place within the App Store to limit this sort of thing from happening, it’s unclear if the same situation is happening with the iOS app because the EFF report does not include that.
AppleInsider got a response from Ring regarding this report from the EFF, and the company says that, like many other apps, it uses “third-party service providers” that “evaluate the use of our mobile app”. Here’s the company’s full response on the matter:
Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing,” Ring said. “Ring ensures that service providers’ use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes.
What do you think? Even if the situation is just to see how folks are using their own app, do you think major third-party entities like Facebook should be getting this data? Would you prefer it if Ring had an opt-in option? Let us know in the comments.