close
close

Is my air fryer spying on me? Which one? reveals smart devices that collect the most data

Is my air fryer spying on me? Which one? reveals smart devices that collect the most data

Which one? Research has found excessive surveillance of smart devices – from air fryers that ask permission to listen to your conversations and share data with TikTok, to TVs that want to know your exact location.

The consumer association rated products in four categories and gave them overall privacy scores for factors such as consent and what data access they want. Researchers found that data collection often went far beyond what was necessary for the product’s functionality – suggesting that in some cases data could be shared with third parties for marketing purposes.

)In the air fryer category, all three products not only wanted to know the customer’s exact location, but also permission to do so record audio on user’s phonefor no specific reason. The Xiaomi app is linked to its air fryer and is connected to trackers from Facebook, Pangle (the advertising network of TikTok for Business) and the Chinese tech giant Tencent (depending on the user’s location).

The Aigostar air fryer wanted to know gender and date of birth when creating an owner account, again for no apparent reason, but this was optional. The fryers Aigostar and Xiaomi both sent users’ personal data to servers in China, although this was highlighted in the privacy statement.

The Huawei ultimate smartwatch – as with all tested products – privacy consent is required to work properly. Nine was requested “risky” telephone rights – the most of all tested devices. Which one? defines “risky” as giving invasive access to parts of someone’s phone.

These include the precise location, the ability to record audio, access to saved files or the ability to see all other installed apps. The company said they all had a legitimate need. Huawei also said that no user data is used for marketing or advertising purposes. Which one? found some trackers active on the Huawei watch, but Huawei said they are only active in certain regions.

Bestsellers on Amazon, the Kuzil and WeurGhy smartwatches turned out to be essentially the same product. Both required permission to operate. If you refuse this, the product will only function as a watch, without the associated smart functions. There was no regulatory information on how long the smartwatches would be supported with security updates. However, both watches did not appear to use trackers.

Smart TV menus are littered with ads and hungry for user data. The Hisense and Samsung TVs Which? tested requires a zip code when setting up – although both brands said customers can use a partial zip code and that it was only used for certain content localization features. Samsung claimed that providing a zip code was not mandatory, but which one? found it seemed mandatory in his tests.

The LG asked for a zip codebut providing it was not mandatory. Samsung’s TV app asked for eight risky phone permissions, including being able to see all other apps on the phone, after the Huawei smartwatch. The Hisense didn’t connect to trackers that researchers could detect, but Samsung and LG linked some, including Facebook and Google.

The smart speaker analysis found that the Bose Home Portable speaker and app require the least prior phone permissions of any product tested, but is packed with trackers including Facebook, Google and digital marketing company Urbanairship. The Bose speaker also fared poorly when it came to how he secured customer consent for data tracking.

Amazon Echo, on the other hand, gives useful options to skip various data sharing requests. Consumers will need an Amazon or Google account to use the Echo Pop or Nest Mini, respectively. They use trackers that researchers at Which? expected to see, usually their own. However, users cannot selectively unsubscribe, hence their low star rating.

All tested devices wanted to know the exact location of users.

The research by Which? highlights how manufacturers can currently collect excessive data from consumers, often with little transparency about what it will be used for. The ICO will publish new guidance for manufacturers of smart products in spring 2025.

However, which one? is concerned that foreign-based manufacturers could take advantage of the challenges associated with enforcing compliance with the guidelines.

Harry Rose says, which one? magazine editor, said:

“Our research shows how smart technology manufacturers and the companies they partner with are currently able to collect consumer data with seemingly reckless abandon, and often do so with little or no transparency.

“Which? has called for proper guidelines setting out what is expected from manufacturers of smart products and the ICO has confirmed a code will be introduced in spring 2025 – this must be supported by effective enforcement, including against companies operating abroad.”

Consumer Advice – How to Improve Your Data Privacy

Care about what you share: Some data collection is optional during installation, meaning you can opt out (although with possible functionality consequences). Only share what you feel comfortable with.

Check permissions: On iOS and Android, you can view permission requests before downloading an app, and check what each app has access to in your settings.

Deny access: Also in your phone settings you may be able to deny or restrict access to data such as location, contacts, etc. Although that may hold back or limit certain aspects of the app.

Delete recordings: Using the Alexa and Google Assistant settings, you can set your voice recordings to be deleted automatically instead of being saved after a certain period of time.

Read the privacy statement: At the very least, browse the policy, especially the data collection sections. You have the right to object to the processing of your data by a company.

Right to answers

Samsung

“At Samsung, the security and privacy of our customers’ data is of the utmost importance. And we use industry-standard security measures and practices to ensure the data is safe. Customers will also have the option to view, download or delete personal data via their Samsung accounts. Customers can find more information about our privacy policy at www.samsung.com/uk/info/privacy.”

Hisense

“Hisense UK values ​​its relationships with its customers and respects their data privacy rights. We comply with all UK data privacy laws and only record our customers’ postcodes to enable them to receive region-specific content, improving their user experience. If users are concerned, many of our TVs accept a partial zip code.”

An Amazon spokesperson said:

“We design our products to protect our customers’ privacy and security and put them in control of their experience. For example, we’re building easy-to-use controls for our customers (including physical buttons or shutters, simple in-app controls, and prompts during device setup) and have created resources that explain how our devices and services work and the capabilities available to customers. ”

Googling

“The privacy of our customers is very important to us and Google fully complies with applicable privacy laws and provides transparency to our users about the data we collect and how we use it. For those times when users want to enable additional privacy controls Smart Google Nest speakers and displays, users can use the Google Assistant in guest mode. In guest mode, Google Assistant doesn’t say or show personal results and personal contacts, and audio recordings and Google Assistant activity are automatically deleted. “

Huawei

“Huawei takes consumer privacy incredibly seriously. Clearly, to be useful lifestyle and health/fitness partners, smartwatches need permission to access some personal data; we are very clear, both about the devices at installation and about the accompanying app Huawei Health, what permissions are needed and why, and users have full control over enabling or disabling them at any time.”

In a long statement Xiaomi said that “respecting user privacy has always been one of Xiaomi’s core values, including transparency, responsibility, user control, security and legal compliance.” It said it complies with all UK data protection laws, and that “we do not sell personal information to third parties”, and that certain features are only active in selected global markets, such as Tencent services only used in China. “The permission to record audio in the Xiaomi Home app does not apply to Xiaomi smart air fryer which does not work directly via voice commands and video chat,” it added.

Cosori

“We prioritize privacy and depending on our internal compliance requirements, the smart products must comply with the GDPR. However, without specific test reports from your company or the testing laboratory, we cannot comment further.”

LG declined to comment. Aigostar and Bose did not respond. WeurGhy and Kuzil weree unreachable.