EFF Busts Ring Doorbell App For Leaking Private Customer Data To Third-Party Firms

Ring has been in the news a lot lately over lapses in security with its camera products. After thousands of accounts got hacked, Ring took the brunt of the backlash, but explained that user credentials were most likely obtained 1) from unrelated account hijacks and 2) because customers were using the same login credentials across multiple online accounts.

Ring made changes to its security regimen and ensured that new customers enabled two-factor authentication to further lock down accounts. But now, Ring is under fire again with respect to its Android app. According to the Electronic Frontier Foundation (EFF), the Android version of Ring's app is filled with third-party trackers that are leaking customer data.

In this case, Ring’s data leaking is even more egregious than Avast's privacy nightmare that we told you about yesterday. The EFF found that Ring, which is owned by Amazon, is transmitting customer data to four primary firms: AppsFlyer, MixPanel, Branch, and Facebook.

While Branch and Facebook were given seemingly harmless information like time zone, device model, and screen resolution, they were also made privy to more persistent data like unique device identifiers and, in the case of Branch, a user’s local IP address. AppsFlyer received even more data metrics, including mobile carrier and sensor data from the magnetometer, gyroscope, and accelerometer.

But of the four companies, MixPanel took top honors for the amount of data that it sucked up from Ring customers. It was made privy to account holder names, email addresses, device model/OS information, location data, and Bluetooth radio status.

According to the EFF, all of this data was transmitted using HTTPS, and the "encrypted information was delivered in a way that eludes analysis, making it more difficult (but not impossible) for security researchers to learn of and report these serious privacy breaches."

The EFF sums up its findings, adding, "Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system." It also admonished Ring for "delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship."

Unfortunately, the EFF didn't investigate to see if the iOS version of the Ring app is also leaking customer data to third parties.

