Apple’s Chinese Smart Home App Privacy Labels Often Fall Short of Reality
Chinese Smart Home Apps Collect Sensitive Data Without Adequate Disclosure
A recent study has revealed significant discrepancies between the data collection practices of Chinese smart home apps and the information disclosed in their Apple App Store privacy labels.
Data Collection Practices
The research, which examined 49 apps available in the Chinese App Store, found that these apps frequently collect sensitive data, including audio, video, and location information, without adequately informing users or providing them with meaningful controls over their data.
- Phone numbers
- Device identifiers
- Operating system versions
- Network information
- Location data, such as Wi-Fi details, IP addresses, and base station information
Many apps also request access to sensitive permissions, including location services, camera, photo album, microphone, contacts, Bluetooth, and system notifications.
Financial and Biometric Data Collection
The researchers found that 39 of the 49 apps collect financial information, such as payment amounts and bank card details, while 30 apps collect biometric data, including facial recognition information.
Some apps also collect health-related data, including blood pressure, blood sugar levels, and sleep patterns.
Privacy Concerns
However, the study found that none of the apps explicitly disclose how they handle sensitive personal information related to bystanders, such as visitors or passersby captured through cameras or microphones.
The researchers categorized bystanders into three groups: live-in bystanders, visiting bystanders, and uninvolved bystanders.
They found that privacy controls are largely designed around the primary account holder, with few mechanisms in place to obtain consent from secondary users or manage their data independently.
Discrepancies in Apple App Store Privacy Labels
The study also found that Apple App Store privacy labels often conflict with the actual data collection practices of the apps.
Twenty-six apps claimed in their privacy labels that they do not collect any data used to track users, despite disclosing third-party SDK usage for monitoring and analytics in their privacy policies.
Similarly, 23 apps claimed in their App Store labels that they do not collect any data linked to the user, despite requiring phone-number-based account registration.
Conclusion
The researchers suggest that these discrepancies may be due to the lack of transparency and accountability in the Chinese smart home ecosystem.
They note that the Chinese Cybersecurity Law requires companies to provide technical support and assistance to public security and national security authorities when required, which may limit the effectiveness of deletion mechanisms and undermine user privacy.
The study highlights the need for greater transparency and accountability in the smart home industry, particularly in regards to data collection and privacy practices.
It also underscores the importance of rigorous testing and evaluation of smart home devices and apps to ensure that they meet robust privacy and security standards.