Is privacy an illusion under a security camera’s watch?

The explosive growth of Internet of Things technology has transformed not only the way we interact with each other but also the way we live.¹ Without proper regulations and standards, manufacturers may prioritize profit over user safety, resulting in devices with vulnerabilities and security flaws.²

In light of this, Surfshark’s Research Hub has unveiled the "Smart Home Privacy Checker" tool, which provides insights into the data collection practices and privacy concerns of smart home device apps. A new study highlights outdoor security camera apps as among the most significant collectors of user data. As awareness increases around the potential vulnerabilities of these devices, it has become evident that, if not properly safeguarded, data security breaches can occur at different levels: within the device, during data transit to the cloud, and in the cloud.²

Key insights

• Outdoor security cameras are among the top collectors of user data, alongside various smart home apps. On average, they gather 12 data points (out of a possible 32), which include email addresses, phone numbers, payment information, precise location, and more. This is 50% more than the typical data collection by other smart home device apps. Analyzed outdoor security camera apps link 7 out of the 12 data points they collect on average to the user's identity.
• Analyzed indoor security camera apps are slightly less data-hungry. They gather 9 data points on average, and typically, 6 out of these 9 data points link to the user's identity. The data points often include email addresses, phone numbers, user IDs, device IDs, purchase histories, and audio data, among others.
• The most questionable data points that outdoor and indoor security camera apps gather include information that can be used to contact the user outside the app, such as the user’s name, email address, phone number, physical address, and other user contact info (collected by Arlo, Deep Sentinel, and D-Link apps), as well as contacts on the user’s device (collected by Nest Labs, Deep Sentinel, and D-Link).
• The outdoor security camera apps that gather the most information are Deep Sentinel and LOREX, both of which collect more than half (18) of the possible data points (32). In comparison, the indoor security camera app that gathers the most information is Nest Labs, which collects 17 data points. It is followed by the Ring and Arlo apps, which each collect 15 data points.
• The absence of regulations and standards for smart home devices presents significant risks, including data breaches, cyberattacks, and physical harm.² After collecting data, some apps track their users to display targeted ads or share their information with third parties and data broker companies. While none of the outdoor security camera apps engage in user tracking, two indoor security camera apps — Nooie and Canary Connect — do.

Methodology and sources

Ten popular outdoor security camera apps and ten popular indoor security camera apps were investigated. Some of the selected apps, such as Arlo and Wyze Labs, were included in both categories as they offer services in both areas. This study is a part of the larger "Smart Home Privacy Checker" study, in which Surfshark’s Research Hub analyzed the data from the apps' listings on the Apple App Store, examining 32 potential data points across 12 categories, emphasizing user uniqueness, tracking, and linkage. The most invasive apps were then ranked by considering the number of unique data points collected, the scope of tracking-related data points, and the amount of data linked to users.

Data was collected from:

References: