The consumer advocacy site Which? recently decided to test four categories of smart devices, aiming to give various products in the groups privacy scores.
They wanted to know what data and consent different air fryers, smart watches, smart speakers, and smart TVs were asking for ― and whether they were excessive.
It’s bad news pretty much across the board, Harry Rose, the editor of Which? magazine, said.
“Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon, and this is often done with little or no transparency,” he wrote.
Which products were tested, and what did they “spy” on?
By category, the results were:
1) Air fryers
All three of the air fryers Which? tested wanted to know consumers’ locations and wanted to be able to record audio, even though there was no clear reason why they should do so.
The Xiaomi air fryer app linked the device to trackers from Facebook, Pangle (an ad network for TikTok for business) and the tech company Tencent. It chose which it tracked depending on users’ location.
Aigostar’s air fryer asked for customers’ age and gender, but you could decline to give it the information.
“The Aigostar and Xiaomi fryers both sent people’s personal data to servers in China, although this was flagged in the privacy notice,” Which? added.
2) Smartwatches
Which? found one smartwatch required numerous “risky” (“invasive”) permissions, including audio recording and file access, to function.
The publication also noted some trackers in this device, though the company said they only worked in specific regions.
The other smartwatches did not appear to use trackers.
3) Smart TVs
Which? found that some TVs requested a postcode, which companies said was for localisation and could be partial.
One brand claimed their setup wasn’t mandatory, though Which? found otherwise, and another allowed users to skip entering a postcode.
One TV app requested eight “risky” permissions, and two brands linked to trackers like Facebook and Google, though one brand did not.
4) Smart speakers
One speaker and its app asked for very few permissions, but Which? says it they “are stuffed with trackers, including Facebook, Google and digital marketing firm Urbanairship.”
The others let you skip a lot of sensitive data inputs, they add; though you will need a Google or Amazon account to use them.
“All of the devices on test wanted to know users’ precise locations,” Which? added.
What’s the response been?
Xiaomi has since said: “We do not sell any personal information to third parties.”
“The permission to record audio on Xiaomi Home app is not applicable to Xiaomi smart air fryer which does not operate directly through voice commands and video chat,” they added.
The Information Commissioner’s Office (ICO) said that Which’s tests “show that many products not only fail to meet our expectations for data protection but also consumer expectations.”
“Which? has been calling for proper guidelines outlining what is expected of smart product manufacturers and the ICO has confirmed a code is being introduced in Spring 2025 – this must be backed by effective enforcement, including against companies that operate abroad,” the magazine’s editor said.