Apple HomePod Mini
"Full-range driver and dual passive radiators!" No idea what that means but Apple makes that sounds like the coolest thing ever in these little round, colorful globes of a smart speaker. The HomePod Mini comes in five colors with four built-in smart microphones to listen for all those, "Hey Siri" requests. Apple promises anything you say after "Hey Siri" is encrypted and associated to a random identifier on Apple's servers though, so hopefully your voice requests are safe. And iPhone owners, you're in luck! Apple says personalized listening suggestions will appear magically on your iPhone when you hold it next to your HomePod without having to unlock your phone. There goes the privacy of your playlist.
What could happen if something goes wrong?
Apple does a pretty good job with privacy and security as a company. But, like life, hackers find a way! So Apple has had some pretty serious security issues. In 2023, Apple released fixes for three different vulnerabilities that made it possible for bad actors to hack Apple devices. In 2022, they had a security flaw that could allow hackers to take complete control of iPhones, iPads, and Macs. Earlier that year, Apple also gave up data to hackers who forged emergency data requests from law enforcement. Back in 2021, another bad security vulnerability could have allowed bad actors to record calls and messages and even turn the device camera and microphone on without the user knowing. Eesh. The good thing with Apple and security is, they seem to take these security breaches seriously, jump and fix them immediately, and communicate pretty well with users on what they need to do to stay safe. So keep those devices updated, folks!
Apple says they can collect things like name, email address, age, location, device information, contact information, and more. The good news is, Apple says they treat all this information as personal information. So, things like device ID and the like are treated as securely as your name and age. That’s good. And any information used to personalize things for you across your Apple devices is synced over iCloud using end-to-end encryption. Also good. They do say they can share your data with some third parties such as business partners, service providers, and others as you give your permission. For the most part, this sharing looks pretty normal for the services they provide.
On the privacy front, yes, Apple is generally better than other Big Tech companies (cough, Meta, cough cough, Amazon, cough Samsung), when it comes to privacy. They don't sell your data and do seem to do a better job at collecting less of it in general.
And when it comes to AI voice assistants, Siri is a bit more privacy conscious than others like Amazon’s Alexa. Apple says they take special care to make sure your Siri requests aren't associated with you, and those transcripts aren’t subject to human review--anymore. In 2021, Apple made another positive change for your Siri voice requests--many audio requests for things like setting timers or alarms or controlling music are no longer sent over the internet to their servers, instead they are processed directly on your HomePod. This is better for your privacy.
Now Apple does say they can target you with some personalized ads on their platforms. Apple delivers ads to you on Apple News or App Store, and gives you the option to opt-out of these personalized ads using your Apple ID, which will opt you out of these ads across all Apple devices. However, keep an eye on how Apple does ads. Right now it’s not too worrisome to us, but that could be changing as they are reportedly growing their ad business and have already released new advertising products in early 2023. Hopefully, their public commitment to privacy will outweigh the need for extra ad dollars.
Apple isn’t perfect. In January 2023, Apple was fined eight million euros by France’s data protection authority because they determined that in 2021, Apple’s iOS 14 didn’t comply with EU privacy requirements. The complaint said its default settings allowed targeted ads from Apple without asking users for consent. Regulators agreed. The thing is, Apple could do better. So it's important to hold them accountable for their privacy promises.
Tips to protect yourself
- You can say “Hey Siri, stop listening” to turn off speech recognition for a period of time
- Turn off Location Services on HomePod
- Remove HomePod from the Home app before selling it or giving it away
- Check out Apple Homepod privacy controls.
- You can turn off location services on your Homepod, too
- Before you give HomePod to someone else, you should remove it from the Home app
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
What can be used to sign up?
What data does the company collect?
Your Apple ID and related account details, including email address, devices registered, account status, and age, data from which your device could be identified, such as device serial number, or about your device, such as browser type, data such as name, email address, physical address, phone number, or other contact information, data about your billing address and method of payment, such as bank details, credit, debit, or other payment card information, data about purchases of Apple products and services or transactions facilitated by Apple, including purchases on Apple platforms, data used to help identify and prevent fraud, including a device trust score, data about your activity on and use of Apple's offerings, such as app launches within Apple services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data, precise location only to support services such as Find My or where you agree for region-specific services, and coarse location, details including salary, income, and assets information where collected, and information related to Apple-branded financial offerings, government ID Data (In certain jurisdictions, we may ask for a government-issued ID in limited circumstances, including when setting up a wireless account and activating your device, for the purpose of extending commercial credit, managing reservations, or as required by law);
Details such as the content of your communications with Apple, including interactions with customer support and contacts through social media channels.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In July 2023, Apple and Amazon were fined by Spain antitrust watchdog.
In January 2023, Apple was fined €8M in French privacy case.
In 2021, Apple had a recent serious spyware security vulnerability called Pegaus that infected iPhones and other Apple devices.
In 2021, a major data leak was reported of 61 million fitness tracker data records, including Apple's Healthkit data, by the third party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Uses encryption both in transit and at rest.
Apple has a bug bounty program. Link: https://developer.apple.com/security-bounty/
Some of Apple's AI research can be found at https://machinelearning.apple.com/.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Amazon and Apple fined $218 million by Spain antitrust watchdogCNN Business
Apple fined €8M in French privacy casePolitico
Apple says it prioritizes privacy. Experts say gaps remainThe Guardian
Apple’s Privacy Mythology Doesn’t Match RealityWired
Apple’s Illusion of Privacy Is Getting Harder to SellThe New York Times
Apple Still Has a Privacy ProblemPC Magazine
Apple’s privacy-centric brand image takes a hit as it scrambles to fix security bugsThe Drum
61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data BreachHealth IT Security
Apple security flaw ‘actively exploited’ by hackers to fully control devicesThe Guardian
Apple Issues Emergency Security Updates to Close a Spyware FlawThe New York Times
Security News This Week: Fake Cops Scammed Apple and Meta to Get User DataWired
Apple and Meta Gave User Data to Hackers Who Used Forged Legal RequestsBloomberg
Apple warns of security flaws in iPhones, iPads and MacsNPR
Apple Is an Ad Company NowWired
Apple’s AI plan: a thousand small conveniencesThe Verge
Apple overhauls Siri to address privacy concerns and improve performanceThe Guardian
Apple Data Breaches: Full Timeline Through 2021Firewall Times
Got a comment? Let us hear it.