Surprise, Ring for Android reportedly shares your data with third parties

More bad news about Ring. A new report says the Android version of the app is sending user data to third parties.  

The Electronic Frontier Foundation (EFF), a respected digital civil liberties nonprofit, made the revelation on Monday. According to its report, Ring’s Android app is “packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII).”

That information includes “names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.”

Why is this a problem? With this much information, bad actors could get a pretty full picture of Ring users. 

This is all the more troubling given the problems that have plagued Ring for the last several months. Whether it was questionable use of videos of trick-or-treaters, weak security that allowed hackers to access users’ systems and interact with children (which resulted in a lawsuit), or the company’s troubling partnership with law enforcement, Ring has been at the center of plenty of controversy.

A spokesperson for Ring told Mashable via email, “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing. Ring ensures that service providers’ use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes.” 

Among the companies who had trackers in the app were data analytics firms Branch, MixPanel, and AppsFlyer. These services collect and analyze user data for brands, breaking down how users engage with apps.

Additionally, the group found a tracker belonging to Facebook. Yes, that Facebook, which received data even if the user didn’t have  a Facebook account. 

Facebook received “time zone, device model, language preferences, screen resolution, and a unique identifier.” 

But the most sensitive information was sent to MixPanel, which received “users’ full names, email addresses, device information such as OS version and model,” and whether Bluetooth was enabled and how many locations the user had installed Ring at. 

While EFF notes that MixPanel is on Ring’s list of third-party services, Ring doesn’t list the extent of the data shared (though MixPanel does have its own opt out). MixPanel is largely used by Ring for targeting messages about new features and updates. 

The other three services EFF found are not listed on Ring’s third-party list. 

If it were another company, it might not get this much attention. But it’s another troubling story about an embattled company that’s walked a fine line between security and surveillance.