Amazon Echo Alexa Voice Calling Reportedly Has Glaring Privacy Flaw

Amazon's latest Alexa update is one that could prove extremely useful to those who want to keep in contact with friends and family through various Echo devices, coming to us in the form of Alexa Calling & Messaging. The premise is simple: you can use your Echo device to send and receive messages to anyone who also owns an Alexa device. While the feature appears to function quite well, there are some caveats and warnings that have popped up surrounding it.

In a Medium post, Elise Oras says that Alexa Calling has a "major privacy" flaw, and after reading, you might just agree. For the sake of convenience, Alexa is able to pull down your contact list and automatically populate it inside of this new feature. The problem: it'll automatically pull down every single contact you have that uses the Alexa app.

echo show dog
Amazon Echo Show

Among the contacts that were fetched for Elise were old landlords, co-workers, random account managers, and "of course, crazy ex-boyfriends". At this point, the flaw wouldn't seem so severe if the excess contacts could be deleted, but there's no such option for that. You can't even block those unwanted contacts from contacting you. Confirmation from Amazon itself:

Based on another response from Amazon, it appears that if you wish for this mass import to not happen, the contacts would have to be deleted from the Alexa app's contact log. That's hardly a solution, though, considering many people would have jumped on the import right away.

Unfortunately, solutions don't get much better beyond that. If you're unhappy with Alexa Calling after importing your collection of contacts, you'll have to call Amazon to have the entire feature manually disabled. Minutes after calling, Elise finally had her instance of Alexa Calling disabled.

In this particular case, the user didn't seem to be at real risk of harm from this happening, but she offers a grim reality: "I imagine victims of domestic violence, kids that are being bullied, and other victims of violence or crime may have their abuser's number in their phone".

This raises the age-old question of: when are companies going to begin taking our security and privacy more seriously?