Apple HomePod Mini
Smart Home Smart Speakers

Apple HomePod Mini

Apple
Wi-Fi Bluetooth

Review date: Nov. 9, 2022

|
Mozilla researched 7 hours
|

Mozilla says

|
People voted: Not creepy

"Full-range driver and dual passive radiators! " No idea what that means but Apple makes that sounds like the coolest thing ever in these little round, colorful globes of a smart speaker. The HomePod Mini comes in five colors with four built-in smart microphones to listen for all those, "Hey Siri" requests. Apple promises anything you say after "Hey Siri" is encrypted and associated to a random identifier on Apple's servers though, so hopefully your voice requests are safe. And iPhone owners, you're in luck! Apple says personalized listening suggestions will appear magically on your iPhone when you hold it next to your Homepod without having to unlock your phone. There goes the privacy of your playlist.

What could happen if something goes wrong?

Apple does a pretty good job with privacy and security as a company. They have had some serious security issues, including one in 2022 that could allow hackers to take complete control of iPhones, iPads, and Macs. And another bad security vulnerability that resulted in spyware that could allow bad actors to record calls and messages and even turn the device camera and microphone on without the user knowing. The good thing with Apple and security is, they seem to take these security breaches seriously, jump and fix them immediately, and communicate pretty well with users on what they need to do to stay safe. So keep those devices updated folks! And take those security warnings seriously when you get them. This is also a good reminder that even the best companies can be vulnerable to high-level security bugs and breaches.

On the privacy front, yes, Apple is generally better than other Big Tech companies (cough, Meta, cough cough, Amazon, cough Samsung), when it comes to privacy. They aren’t perfect, of course, but they do seem to do a better job at collecting less data because they aren’t trying to sell as many ads as Google and Facebook (yet, at least).

Apple says they can collect things like name, email address, age, location, device information, contact information, and more. The good news is, Apple says they treat all this information as personal information. So, things like device ID and the like are treated as securely as your name and age. That’s good. And Apple says they don’t share or sell your data, which is also good. They do say they can share your data with some third parties such as business partners, service providers, and others as you give your permission. For the most part, this sharing looks pretty normal for the services they provide.

And Apple does say they can target you with some personalized ads on their platforms. Apple delivers ads to you on Apple News or App Store, and gives you the option to opt-out of these personalized ads using your Apple ID, which will opt you out of these ads across all Apple devices. However, keep an eye on how Apple does their ads business. Right now it’s not too worrisome to us, but that could be changing as they look to grow their ad revenue.

When it comes to AI voice assistants, Siri is a bit more privacy conscious than others like Amazon’s Alexa. Apple says they take special care to make sure your Siri requests aren't associated with you, which is great. And in 2021, Apple made a positive change for your Siri voice requests -- many audio requests for things like setting timers or alarms or controlling music are no longer sent over the internet to their servers, instead they are processed directly on the HomePod. And any information used to personalize things for you across your Apple devices is synced over iCloud using end-to-end encryption. All this is good for your privacy. Apple did face backlash in 2019 when it came to light their contractors were regularly listening in on confidential personal conversations when they were reviewing the voice assistant's recordings. Apple changed their policy so users weren't automatically opted-in to human voice review.

What’s the worst that could happen? Well, Apple isn’t perfect, they could do better. And they seem to be looking to grow their ad business. This is a good time to remind people that Apple’s privacy policy -- as do almost all the privacy policies we read -- has a clause that says, “We may also disclose information about you where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the event of a reorganization, merger, or sale.” So, while Apple is pretty good now, there is no guarantee that Apple won’t reorganize their business or change their privacy practices in the future. Then that personal information you trust them with now could become more vulnerable or more valuable. Here’s hoping Apple keeps being one of the better ones out there though. 🤞🏼

Tips to protect yourself

  • You can say “Hey Siri, stop listening” to turn off speech recognition for a period of time.
  • Check out Apple HomePod privacy controls.
  • You can turn off location services on your HomePod, too.
  • Before you give HomePod to someone else, you should remove it from the Home app.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • mobile

Can it snoop on me? information

Camera

Device: No

App: N/A

Microphone

Device: Yes

App: N/A

Tracks location

Device: No

App: N/A

What can be used to sign up?

What data does the company collect?

How does the company use this data?

"Apple does not sell your data including as 'sale' is defined in Nevada and California. "

"Apple uses personal data to power our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal data for other purposes with your consent.

Apple uses your personal data only when we have a valid legal basis to do so. Depending on the circumstance, Apple may rely on your consent or the fact that the processing is necessary to fulfill a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations. If you have questions about the legal basis, you can contact the Data Protection Officer at apple.com/legal/privacy/contact."

Apple says it does not share your data with third parties for commercial or marketing purposes. In June 2021, Apple announced that it will no longer send Siri requests to its servers, but instead will process them at the device level.

Apple say they can deliver ads to you on their services, and you can opt out of those targeted ads if you chose. "Ads that are delivered by Apple’s advertising platform may appear in Apple News, Stocks, or in the App Store. If you do not want to receive ads targeted to your interests from Apple's advertising platform in those apps, you can choose to disable Personalized Ads, which will opt your Apple ID out of receiving such ads regardless of what device you are using."

How the company says they may share data with law enforcement:

Apple may also disclose information about you if they determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

How can you control your data?

"Apple retains personal data only for so long as necessary to fulfill the purposes for which it was collected, including as described in this Privacy Policy or in our service-specific privacy notices, or as required by law. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy and our service-specific privacy summaries. When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law."

Apple grants you right to delete or access your data.

"There may be situations where we cannot grant your request — for example, if you ask us to delete your transaction data and Apple is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical."

What is the company’s known track record of protecting users’ data?

Needs Improvement

In 2022, Apple identified and patched serious security vulnerabilities, one that could allow hackers take full control of iOS devices.

In 2022, Apple allegedly gave user data to hackers who faked being law enforcement and forged requests for information.

In 2021, Apple had a recent serious spyware security vulnerability called Pegaus that infected iPhones and other Apple devices.

In 2021, a major data leak was reported of 61 million fitness tracker data records, including Apple's Healthkit data, by the third party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.

Child Privacy Information

"Apple understands the importance of safeguarding the personal data of children, which we consider to be an individual under the age of 13 or the equivalent age as specified by law in your jurisdiction. That is why Apple has implemented additional processes and protections to help keep children's personal data safe.

To access certain Apple services, a child must have a child Apple ID. A child Apple ID may be created by the parent or, in the case of a Managed Apple ID, by the child's educational institution."

Can this product be used offline?

Yes

User-friendly privacy information?

Yes

Apple has a webpage highlighting its privacy principles and features. Apple begins its privacy policy with a statement of principles. While this statement is very long, it is clearly broken out into relevant topics.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Uses encryption in transit and at rest.

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Apple has a bug bounty program.

Privacy policy

Yes

Does the product use AI? information

Yes

Some of Apple's AI research can be found at https://machinelearning.apple.com/.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Apple states in its privacy policy, "Apple does not take any decisions involving the use of algorithms or profiling that significantly affect you." Apple employs machine learning in many different ways, from using it to to improve Siri to using it to sharpen the photos that you take.

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Yes

*privacy not included

Dive Deeper

  • Apple says it prioritizes privacy. Experts say gaps remain
    The Guardian
  • Apple’s Privacy Mythology Doesn’t Match Reality
    Wired
  • Apple’s Illusion of Privacy Is Getting Harder to Sell
    The New York Times
  • Apple is sneaking around its own privacy policy — and will regret it
    Computer World
  • Apple Still Has a Privacy Problem
    PC Magazine
  • Apple’s privacy-centric brand image takes a hit as it scrambles to fix security bugs
    The Drum
  • 61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach
    Health IT Security
  • Apple security flaw ‘actively exploited’ by hackers to fully control devices
    The Guardian
  • Apple Issues Emergency Security Updates to Close a Spyware Flaw
    The New York Times
  • Security News This Week: Fake Cops Scammed Apple and Meta to Get User Data
    Wired
  • Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
    Bloomberg
  • Apple warns of security flaws in iPhones, iPads and Macs
    NPR
  • Apple Is an Ad Company Now
    Wired
  • Apple’s AI plan: a thousand small conveniences
    The Verge
  • Apple overhauls Siri to address privacy concerns and improve performance
    The Guardian
  • Apple Data Breaches: Full Timeline Through 2021
    Firewall Times

Comments

Got a comment? Let us hear it.