Sam Stelfox

Ring doorbell privacy concerns: Smart home cybersecurity news [January 2020]

Prevalent in smart home cybersecurity news for months now, Ring doorbell privacy concerns continue to surface— This week, news broke out regarding the presence of third-party trackers in the Ring Video Doorbell mobile app for Android. 

Ring doorbell privacy concerns

Ring is among the family of Amazon-owned companies and is said to specialize in home security. Yet, recent news stories bring the company's own security practices into question:

As such, both Ring and Amazon were presented with a federal lawsuit at the end of 2019 for the devices' seemingly lax security measures and practices. Additionally, consumer and privacy groups have stepped in with product warnings issued for Ring devices.

Ring doorbell privacy concerns

Now today, there's another concern to add to the growing list. Findings from an investigation held by the Electronic Frontier Foundation (EFF) reveal the Ring Video Doorbell Android app to be packed with third-party trackers that are disclosing device users' Personally Identifiable Information (PII):

"Our testing, using Ring for Android version 3.21.1, revealed PII delivery to branch.iomixpanel.comappsflyer.com and facebook.com. Facebook, via its Graph API, is alerted when the app is opened and upon device actions such as app deactivation after screen lock due to inactivity. Information delivered to Facebook (even if you don’t have a Facebook account) includes time zone, device model, language preferences, screen resolution, and a unique identifier (anon_id), which persists even when you reset the OS-level advertiser ID."

Below are the certain types of PII received by the other three tracking companies, where only one of which is listed on Ring's List of Third-Party Analytics Services.

  • Branch— device_fingerprint_id; hardware_id; identity_id; local IP address; device model; screen resolution; DPI
  • AppsFlyer— mobile carrier; time of Ring install and first launch; a number of unique identifiers; the app you installed from; whether AppsFlyer can be preinstalled on the device; installed device sensors and current calibration settings
  • MixPanel— users' full names; email addresses; device OS; device model; whether bluetooth is enabled; app settings, which include number of locations where Ring devices are installed

EFF points out the major concern that Ring users should have now knowing these trackers are in place: These small bits of PII are sent off to tracking companies, enabling them to form a "unique picture of the user's device"— one that can be used for further tracking the user as they use said device, even beyond the Ring Video Doorbell app.

Ring devices are among the many IoT seen on the Minim platform, and we are proud to say the third-party trackers in question are on our block list. In fact, Minim users are able to proactively protect all of their connected devices, beyond just Ring, from these domains. If you are interesting in learning more about how Minim secures and protects the smart home, let us know.


Past smart home cybersecurity news roundups:


Like this blog?

Subscribe to our newsletter.