Ring Doorbell App Reveals Personal Data, EFF Warns

An investigation by the Electronic Frontier Foundation (EFF) has warned that the Android app for the Ring doorbell is “packed with third-party trackers.”

The EFF investigation found that the trackers found in the Ring for Android app (version 3.21.1) is sending out a “plethora of customers’ personally identifiable information (PII)” to five analytics and marketing companies including a Google-owned firm (Crashalytics) and Facebook itself (even if the user doesn’t have a Facebook account).

The PII data is said to include names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.

Ring tracking

EFF said that the danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device.

This allows them to build a “fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it.”

“All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done,” warned the EFF. “Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills”

Ring is of course owned by Amazon after the e-commerce giant paid more than $1 billion (£699m) in 2018 for the smart home provider.

Ring is most famous for its smart doorbell. However the firm alongside its video doorbells, also provides security cameras and camera equiped floodlights to provide a ‘ring’ of security around people’s homes.

But the EFF took Ring to task over its data collection after its investigation.

“Ring has exhibited a pattern of behaviour that attempts to mitigate exposure to criticism and scrutiny while benefiting from the wide array of customer data available to them,” alleged the EFF. “It has been able to do so by leveraging an image of the secure home, while profiting from a surveillance network which facilitates police departments’ unprecedented access into the private lives of citizens, as we have previously covered.”

“For consumers, this image has cultivated a sense of trust in Ring that should be shaken by the reality of how the app functions: not only does Ring mismanage consumer data, but it also intentionally hands over that data to trackers and data miners,” EFF warned.

Ring response

But Ring has responded and said that it limits the amount of data it shares with other firms.

“Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing,” a Ring spokesperson told Gizmodo.

The Ring spokesperson said that Ring takes steps to ensure its service providers’ use of customer data is “contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes.”

The EFF investigation found that the Ring for Android app provided information to Facebook (via its Graph API); deep-linking platform Branch; big data specialist AppsFlyer; MixPanel; and finally Google-owned Crashalytics.

Can you protect your privacy online? Take our quiz!