Smart home developers are raising concerns about Alexa and Google Assistant security

Cupertino, March 15, 2020

Tyler Lizenby / CNET

For years, smart speakers from Amazon, Google and Apple have traded data back and forth with other home devices. This is how their vocal assistants turn on the smart lights. But in early 2019, something changed: Amazon and Google began requiring continuous status change updates from devices - requiring, for example, smart bulbs to send data to Amazon or Google whenever they are enabled or disabled.

It was an apparently small change and one that received modest media coverage, but some smart home developers are increasingly uncomfortable with the change. A few weeks ago after a story was published on the security differences between the Apple Homekit platform and its competitors, I received an email from a popular smart home security company. One representative, who asked to remain unidentified, suggested that I further analyze the security issues raised by the status updates.

After the subsequent poll, it seems that not only are status updates making users and their data more vulnerable to attack, but it also gives these tech giants access to more data on homeownership than ever before. Despite the discomfort of many partners, Google and Amazon have not shown willingness to change course.

The cost of convenience

The stated reason for modifying the status update policy last year was convenience. Essentially, as an Amazon spokesperson told me in an email, "the status of customers' smart home devices ... is used to help Alexa complete actions on behalf of customers" and "to allow a excellent experience for the house ”.

Prior to automatically updating the status, if you asked the voice assistant to turn on the lights, Alexa or Google Assistant had to turn on the smart bulbs to check if they were already on, receive the status, and then send the appropriate command. With the status updates in place, the first two steps of this process have been excised.

The policy also allows for proactive features such as suspicions or other reminders (such as the suggestion to close the door before bed). These are the small facilities that make voice assistants more and more attractive to customers, but they come at a price.

"[Status update] data offers platforms [like Google and Amazon] a privileged position that no manufacturer enjoys, "said Brad Russell, director of smart home research at Parks Associates Inc.


Amazon's Echo Dot watch was inspired by Alexa users who asked more than a billion times last year.

Tyler Lizenby / CNET

Although Amazon says it does not sell the data it collects to third parties or uses it for targeted advertising, the data is still of great value to the company. In the same way, he can say how many times a year do Alexa users request the time. then create a product based on that data, Amazon can now tell you where to spend your time at home, when you are awake and when you sleep and countless other life patterns, you are only aware of yourself.

Google also takes advantage of this data, though it seems more reluctant to admit it.

"We ask our partners to let us know when a device's status changes ... so that it can be accurately represented on our smart screens and applications," said a Google spokesman. "We are distilling this data to update the application - making sure people can see what's going on in their homes."

So Google and Amazon are taking advantage of the data they gather with their devices and services, however, this may not be the only policy issue.


Google bought the smart thermostat developer Nest in 2014, which became the basis for its intelligent action system with Nest features.

Dale Smith / CNET

Peaceful concerns

Last year, Matt Day from Bloomberg spoke with two smart home executives, who said they asked Amazon and Google for "concessions ... related to user confidentiality or user transparency and data usage guarantees, but [were] rebuffed. "

I found a similar mix of developers, either extremely critical of the policy or unwilling to speak on record, afraid of reprisals.

Smart lock developer August was the most direct: "August has made and will continue to make recommendations to Google and Amazon regarding limiting real-time data requirements, in the hope that our suggestions will be implemented in the future," said Christopher Dow, chief technology officer. .

The crucial piece seems to be something called the principle of data minimization. If you work for an employer who manages sensitive information, you may already be familiar with the logic: only data that is relevant and essential should be processed and collected. Not only does adopting this principle ensure ethical use of data by the company, but it also exposes less customer data to potential breaches of confidentiality.

Amazon and Google could claim that status updates are essential to the smooth running of the home. But none of the companies made it clear that they have data after their relevance expires.


Abode's Smart Security Kit works with Apple Homekit, Amazon Alexa and Google Assistant.

Tyler Lizenby / CNET

Perhaps these privacy issues are ultimately down to the discretion of the customers. Scott Beck, CTO home security developer home, we seemed less inclined to place our customer privacy solution only on Google and Amazon when we spoke via email.

"Because ... there is the Smart Security Kit [is] Compatible with HomeKit and that functionality is processed locally, "said Beck," customers are concerned that their data is shared with Google and Amazon still have a viable alternative solution for voice assistant support through HomeKit compatibility.

But in order to make an informed decision, customers must first be properly informed. And as analyst Brad Russell said, "consumers don't get a choice as it is [to] if they want to share what employment data means. In an ideal world, consumers would be able to make this choice voluntarily. "

More than a year after status updates were introduced on Google and Amazon platforms - and despite significant resistance from developers - it seems unlikely that anything will be able to escape the tech giants of their current course.

"[Individual developers] "It has no effect," Russell said. This could be a case where "the horse has already left the barn".

Best selling & Top trending HomeKit product in our shop at this moment

HomeKit.Blog is in no way affiliated with or endorsed by Apple Inc. or Apple related subsidiaries.

All images, videos and logos are the copyright of the respective rights holders, and this website does not claim ownership or copyright of the aforementioned.

All information about products mentioned on this site has been collected in good faith. However, the information relating to them, may not be 100% accurate, as we only rely on the information we are able to gather from the companies themselves or the resellers who stock these products, and therefore cannot be held responsible for any inaccuracies arising from the aforementioned sources, or any subsequent changes that are made that we have not been made aware of.

HomeKit.Blog Is A Participant In The Amazon Services LLC Associates Program, An Affiliate Advertising Program Designed To Provide A Means For Sites To Earn Advertising Fees By Advertising And Linking To Amazon Store (, Or,,, Or

The opinions expressed on this website by our contributors do not necessarily represent the views of the website owners. 

Copyright © 2022 . All rights reserved
United States