The Ring application is delivering user data to Facebook, Google and other third parties, according to a report
Amazon’s ring is under fire once again.
Security experts discovered that the Android application is sending customer personally identifiable information to Facebook, Google and other third parties without permission.
Names, private IP addresses, mobile network operators, persistent identifiers and sensor data were discovered in the exchange.
The report also found that some Ring users whose identity was shared with Facebook do not have an account on the social network.
The findings were discovered by the Electronic Frontier Foundation (EFF), a nonprofit organization that defends civil liberties in the digital world, which said the information was encrypted in a way that security researchers would not detect.
Scroll down to watch the video
It was discovered that Ring’s Android application was ‘full’ of third-party tracking, which it uses to send customer personally identifiable information to Facebook, Google and other third parties.
While examining Ring’s updated Android application, the organization discovered four unlisted trackers lurking in the shadows and sending user data to websites such as branch.io, mixpanel.com, appsflyer.com and facebook.com.
Ring also sends information to the Google-owned fault logging service.
“All the traffic we observed in the application was sent using encrypted HTTPS,” EFF shared in the report.
“In addition, the encrypted information was delivered in a way that eludes the analysis, which makes it more difficult (but not impossible) for security researchers to know and report these serious privacy violations.”
“The service providers that manage these services use automated technologies to collect data (such as email and IP addresses) to evaluate the use of our websites and mobile applications,” he reads.
However, the company behind the device also notes that it will identify which third-party services are specifically used by the company.
While examining Ring’s updated Android application, the organization discovered four unlisted trackers lurking in the shadows and sending user data to websites such as branch.io, mixpanel.com, appsflyer.com and facebook.com. Ring also sends information to the Google-owned fault log service
Of the companies that receive data, only MixPanel is mentioned in the privacy notice of Ring, along with Google Analytics, HotJar and Optimizely. – but does not include Facebook.
“The danger of sending even small pieces of information is that the analysis and tracking companies can combine these bits to form a unique image of the user’s device,” EFF said.
According to Gizmodo, a Ring representative told them that “that Ring takes steps to ensure that the use of customer data by its service providers is” contractually limited to appropriate purposes, such as performing these services on our behalf and not to other purposes. “
However, EFF is not sold on these claims.
“Ring claims to prioritize the security and privacy of its customers, but again and again we have seen that these claims not only fall short, but also harm customers and community members who participate in Ring’s surveillance system.” , he wrote in the report.
“As we mentioned, this includes information about your device and operator, unique identifiers that allow these companies to track you through applications, real-time interaction data with the application and information about your home network.”
‘In the case of MixPanel, it even includes your name and email address. This data is provided to the parties that are only briefly mentioned, buried in an internal page that users will probably never see or that are not listed. ”
Ring and Amazon met in hot water last December when they were hit by a lawsuit, accusing them of not protecting their customers from hackers.
The complaint, filed Thursday in the United States District Court for the Central District of California, states that Ring and Jeff Bezos’ Amazon, which the company bought last year, were negligent in failing to implement ‘robust’ security measures .
According to the lawsuit, first reported by TMZ, there have been at least six other instances involving pirated Ring security systems in the United States in recent years.
What is the ring and why did Amazon buy it?
Amazon acquired the Home Security Home Ring for an amount of £ 700 million ($ 1 billion).
The home security startup sells bells that capture video and audio.
The clips can be transmitted on smartphones and other devices, while the doorbell even allows owners to chat remotely with those at their door.
Ring sells ringtones (left) that capture video and audio. Clips can be transmitted on smartphones and other devices, while the doorbell even allows owners to chat remotely with those at the door
Ring promotes its devices as a way to catch packet thieves, a nuisance that Amazon has been seeking to remedy.
At the end of last year, Amazon introduced its own combination of camera and smart lock called Amazon Key in a step towards home security.
Key is designed to provide a safe and traceable way for packages to be delivered inside homes when people are not there.
Amazon has bought the home security startup Ring for about £ 700 million ($ 1 billion)
Ring’s ring could work well with Amazon Key, which allows delivery personnel to put packages inside a house to prevent theft or, in the case of fresh food, spoil.
California-based Ring first drew attention to a failed fundraiser about five years ago on the reality show Shark Tank.
Ring won the backing of billionaire Richard Branson and Amazon’s Alexa Fund.