The smart home market has been growing steadily for almost a decade. According to Statista, the number of smart home device users is expected to rise from 424.5 million to a record high of 785.16 million by 2028. Smart devices today can be anything — from pillows to showers and toilets — and many require an app, which in turn requires our data.

But with showers and mattresses collecting data, is home still our most private place? Surfshark’s recent study, Smart Home Privacy Checker, revealed that 1 in 10 smart home apps collect data for the purpose of user tracking. Amazon and Google have developed the most data-hungry smart home device apps, which are used by millions daily. 

"In an era where convenience frequently takes precedence over privacy concerns, our latest research has uncovered a troubling trend in smart home device apps, notably from tech giants like Amazon and Google. It is important to understand that this issue extends beyond just data collection; it encroaches upon the intimate aspects of users’ lives, which, if mismanaged, could lead to data theft, security breaches, and the unsanctioned, uncontrolled dissemination of personal information to third parties. Users must be made aware and given the means to reclaim their digital privacy," states Goda Sukackaite, Privacy Counsel at Surfshark.

Why should we be concerned?

According to Surfshark’s analysis, various smart home apps often collect large amounts of personal data, including names, contact info, emails & text messages, and even browsing history. After gathering data, apps may track you to show targeted ads or share your information with third parties and data broker companies. These companies use your personal information for purposes like targeted advertising, credit risk assessment, or market research. Thus, you might end up paying twice for using these apps — once for the device and again with your data. 

What can we do to protect our privacy? 

Smart devices collect vast amounts of data, yet most consumers will likely continue using them for convenience. So, how can we protect our privacy while using them? According to Goda Sukackaite, if you use smart devices, you should:

• Seek out and utilize privacy settings;
• Actively manage app permissions and question those that seem excessive;
• Disable unnecessary microphones and cameras on smart devices and evaluate if the app asking to use your microphone or camera really needs it to perform its function; 
• Stay informed about the data security policies of the smart home devices you choose;
• Check what information is collected by your smart device apps and choose the ones that are less invasive of privacy. To check what data is collected by smart device apps, you can visit Surfshark’s Smart Home Privacy Checker. 

Which apps collect the most data?

According to Surfshark’s study, Amazon's Alexa collects 28 out of 32 possible data points — over three times more than the average smart home device. This data is linked to individual user profiles and includes precise location, contact information (email, phone number), and health data. 

Google gathers a little less than Amazon, collecting 22 out of 32 possible data points. That's still nearly triple the amount typically collected by other smart home devices. Like Amazon, Google links all collected data to the user. Some of the most notable collected data points are address, precise location, photos or videos, audio data, browsing, and search history.

Outdoor security cameras collect the most user data among smart home devices, and within this category, the Deep Sentinel and Lorex apps are the most invasive. 

What’s the way forward for smart home devices and data collection?

Our data is highly valuable, especially to third-party advertisers, data brokers, and other entities that use it to build their businesses. As more of our essential details and documents — such as signatures, passports, and bank accounts — move online, data protection becomes increasingly more important. Many countries are already enacting stricter data protection laws, such as the GDPR in Europe, to address potential privacy issues.

However, stricter laws will not help if we, as users, agree to share our data without a second thought. We need to be more vigilant about where and how our data is utilized. This means reviewing the permissions we grant to our devices and apps, scrutinizing privacy settings, and considering whether an app or device actually needs the information it requests. Data protection starts with our actions and our permissions. Therefore, the best way to safeguard your personal information in the future is to take greater responsibility for it personally.

METHODOLOGY

The Smart Homes Privacy Checker scrutinized 290 applications connected to over 400 Internet of Things (IoF) smart home devices, selecting apps corresponding to 64 device types highlighted for their popularity in online articles about IoT device searches. Surfshark's Research Hub analyzed the data from the apps' listings on the Apple App Store, examining 32 potential data points across 12 categories, emphasizing user uniqueness, tracking, and linkage. The most invasive apps were then ranked considering the number of unique data points collected, the scope of tracking-related data points, and the amount of data linked to users. For more information, visit surfshark.com/research/smart-homes/methodology 

NOTES TO EDITORS

Surfshark is a cybersecurity company focused on developing humanized privacy and security solutions. The Surfshark One suite includes one of the very few VPNs audited by independent security experts, an officially certified antivirus, a private search tool, and a data leak alert system. Surfshark is recognized as the Tech Advisor’s Editor’s Choice for 2024. For a closer look at Surfshark in 2023, visit our annual wrap-up. For more research projects, visit our research hub at: surfshark.com/research 

Attachment

• Chart