Ring

Ring Android app delivers users’ personal information to four analytics and marketing companies

Last updated:

Ring Android app found to deliver users’ personal information to four analytics and marketing companies – Facebook, MixPanel, AppsFlyer, and Branch

An investigation by the Electronic Frontier Foundation (EFF) of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII).

The EFF investigation found that Ring for Android v3.21.1 sends users’ personal information to four analytics and marketing companies: Facebook, Branch, AppsFlyer, and MixPanel.

Facebook receives alerts whenever the app is opened and upon app deactivation after screen lock due to inactivity. Even if the Ring user does not have a Facebook account, the social networking giant still receives information such as their time zone, device model, language preferences, as well as a unique identifier.

Branch receives a number of unique identifiers – device fingerprint id, hardware id, identity id – as well as your device’s local IP address, model, screen resolution, and DPI.

AppsFlyer receives a wide array of information upon app launch as well as certain user actions, such as interacting with the “Neighbors” section of the app. This information includes your mobile carrier, when Ring was installed and first launched, a number of unique identifiers, the app you installed from, and whether AppsFlyer tracking came preinstalled on the device.

AppsFlyer also receives the sensors installed on your device (on our test device, this included the magnetometer, gyroscope, and accelerometer) and current calibration settings.

MixPanel receives the most information by far. Users’ full names, email addresses, device information such as OS version and model, whether bluetooth is enabled, and app settings such as the number of locations a user has Ring devices installed in, are all collected and reported to MixPanel.

MixPanel is briefly mentioned in Ring’s list of third party services, but the extent of their data collection is not. None of the other trackers listed in this article are mentioned at all on this page.

The EFF said,

Our dynamic analysis was performed using mitmproxy running on an access point to intercept and analyze HTTPS flows from an Android test device.

To remove noise generated from other apps, we installed the AFWall+ firewall app and only allowed network traffic from Ring. mitmproxy generates a root x509 certificate which is to be installed in the OS-level certificate store in Android, allowing active interception to take place on otherwise secured traffic.

This led us to the initial discovery that the root certificate was not being accepted as valid, and that some form of certificate pinning was being employed by the app.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services