Ring Doorbell App Found Sending Name, Email To 3rd Party Tracker
The EFF (Electronic Frontier Foundation) revealed a study this week which showed the Ring Doorbell app for Android to be tracking users with 3rd-party systems. Included in the mix are four "analytics and marketing companies" that received information not explicitly sent by the user of the Ring app. This is not the first time Ring has exposed user data to 3rd-party groups – it's not even really all that rare.
Four separate 3rd-party user data trackers were found in the Ring Doorbell app for Android this week: Branch, MixPanel, AppsFlyer, and Facebook. This system also sends data to Google's data logging system Crashalytics, but as the EFF report today suggests, "the exact extent of data sharing with this service is yet to be determined."
The study done by EFF of the app worked with Ring for Android version 3.21.1 – that's likely the version you've got on your smartphone or tablet right this minute if you're reading this article in January of 2020. Each of the four systems listed above receives data from the Ring Doorbell app, information – data points – that range from seemingly innocuous details (like hardware screen resolution) to personally identifying info (like a device's local IP address).
Shared with Branch:
• Device Fingerprint ID
• Hardware ID
• Identity ID (unique identifier codes for your device)
• Device local IP address
• Device Model
• Screen Resolution
• Screen DPI
• Language
• Operating System/ Version
• Wi-fi status
Shared with Facebook:
• Advertiser ID
• Advertiser Tracking (enabled)
• Anon ID
• Application Tracking (enabled)
• Physical location
• Device Model
• Screen Resolution
• Screen DPI
• Language
Shared with Mixpanel:
• Time of login
• User ID (Ring username)
• User Full name <----- Users' real, full name• User email address
• Bluetooth status
• Operating System/ Version
• App settings (number of Ring devices, etc)
Shared with AppsFlyer:
• Device Model
• Screen Resolution
• Screen DPI
• Location (country)
• Date
• Time (when app is opened)
• Device battery level
• Device processor type
• Device sensor data
– Magnetometer data
– Gyroscope data
– Accelerometer data (current calibration for each)
• AppsFlyer status – seeking other appearances of AppsFlyer in the users' device (bloatware or otherwise)
As mentioned by the EFF, the most recent Ring Third Party Services officially listed online include Mixpanel, Google Analytics, HotJar, and Optimizely. Notably missing: Facebook, Branch, AppsFlyer, and Crashalytics.
Also of interest for Ring Doorbell and camera users – that time they shared data with the police, from just this December (last month). Also take a peek at the other recent Ring login situation that occurred – also in December of 2019. Earlier in 2019 we caught wind that Ring officials had "unfettered access to unencrypted videos". But it's about being MORE secure, right?