Alexa, How Secure Is My Data?

“Okay Google, will it rain today?”. This is only one of many voice commands that we can give to the so-called virtual assistants. The top dogs among the providers of smart speakers are the American companies Google, Apple, and Amazon. How the products of the respective companies work is clear. But what about data protection? This question will be investigated in more detail in the following article. At the end of the article, you will also find our five tips for the secure use of smart speakers.

Hey Google, What Do You Know About Me?

Google Assistant is installed on many devices. In addition to the Google Nest and Google Homepod, companies like Sonos and Bose also rely on the Google Assistant, as well as many other smart home providers.

When taking a look at the privacy policy of Google Assistant, it becomes clear that data is not only recorded and processed while actively using the Assistant. To make your profile as personalized as possible, your web protocol is accessed. Among other things, Google combines data concerning your search queries, which websites you have visited, and which YouTube videos you have watched. Here you can get an insight into your collected activities and delete them if necessary. This is recommended for all users, as Google itself will not delete your data.

According to Androidcentral, Google’s smart speakers could be able to detect a voice command without the common wake words “Hey Google” and “Okay Google” in the future. The assistant is supposed to recognize and execute commands in certain situations, such as answering a call via voice shortcuts. However, the microphone has to be activated automatically for this, which could lead to faulty recordings.

Alexa, What Data Are You Storing?

With its Echo products, Amazon has been the market leader in smart speakers for several years. As with the Google Assistant, Alexa voice control is included in several smart home devices.

Looking at the Alexa Privacy Hub, it is shown when and which data is collected and where it is then stored. After Alexa recognizes one of the four activation words (Alexa, Echo, Computer, or Amazon), the voice request will be transmitted to Amazon’s cloud and stored there in encrypted form. Data that is stored by Alexa includes the content of the command and, in the case of third-party devices, the device’s location and network connection.

Through a signal tone and a blue ring, users can recognize whether they have activated the Echo device and if the recording has started. As with Google Assistant, customers have to delete recordings of Alexa devices themselves. According to Amazon, recordings for the respective day can be deleted either in the app or via voice command.

To ensure that Alexa only hears what she is supposed to, you can turn off the microphone. According to Amazon, the power supply to the microphone is interrupted and thus deactivated. For devices of the “Echo Show” series, you can also cover the integrated camera. Again, we advise users to do this after every video call.

Hey Siri, Are You Listening?

Siri has been carrying out voice commands of its users with Apple products since 2011. In February 2018, Apple released its first smart speaker, the HomePod, which was designed to compete with existing Google and Amazon devices.
In terms of data protection, the recording of conversations is similar to Google and Amazon.

Apple’s privacy policy for the HomePod reveals the current amount of data collected by the smart speaker. In addition to the device location and vocal data, the user’s contact list is also sent to Apple and stored. Data transmitted to Apple’s servers is allegedly encrypted and protected by anonymous IDs. However, Apple is criticized for not providing precise information on whether data from European users are sent to servers in the EU and processed there. According to the GDPR, this would be mandatory for data collected from EU citizens.

If you do not need Siri, we recommend you to deactivate the microphone, at least for the time being. Users can do this either in the “Home” app on iOS or iPadOS devices or via the voice command “Hey Siri, stop listening”. Similar to the Amazon Echo, you can see on the top of the HomePod whether Siri has been activated and voice recording started.

Conclusion

Smart speakers make everyday life easier for many users. On the one hand, controlling various devices in a smart home with the sound of your voice may sound fantastic, but data protection should also be taken into consideration. As the article by Built In states, smart speakers do not only listen when the user says the activation word. To recognize the trigger words at all, microphones are usually constantly active and start data transmission as soon as the corresponding command is given. However, smart speakers are prone to errors and misinterpret incoherent sentences from TV shows or conversations as an activation word and start recording.

For everyone that is not keen on giving up their smart speaker but still wants to improve their device in terms of data protection, we have gathered 5 tips on a more secure usage.

5 Tipps for the Secure Use of Smart Speakers

1. Deactivate the microphone and, if possible, the camera when you are not using your smart speaker.
2. Delete voice recordings from the device on a regular basis.
3. Perform frequent updates on your device to close security gaps.
4. Connect only necessary accounts to your smart speaker to minimize your vulnerability in case of a hacking attack.
5. Choose a secure Wi-Fi password. In most cases, hackers gain access to connected Internet of Things (IoT) devices through an unsecured router. In this article we show the worst passwords and how you can easily create a secure one.