Eufy RoboVacs

Warning: *privacy not included with this product

Eufy RoboVacs

Review date: Nov. 9, 2022

|
|

Mozilla says

|
People voted: Not creepy

Eufy's line of robot vacuums include some with laser navigation, some with "smart path navigation" and then there is the "bounce series," which maybe just kinda bounces off of stuff. Regardless, Eufy lets you get a robot vacuum as smart or dumb as you want. Want one to map your home and work when and where you schedule it. Done. Want one that doesn’t even have WiFi and just goes about the business of vacuuming with the push of a button. Done. As for Eufy's privacy policies, well, they do raise a few red flags. Good thing you've got that dumb, no-WiFi option if you want!

What could happen if something goes wrong?

Robot vacuums from Eufy come with features like laser navigation, AI mapping technology, and sensors to help avoid obstacles. Fortunately, none of Eufy’s robot vacuums seem to come with built-in cameras (yet, at least), which is good. Sensors are generally a safer bet than cameras in your home. Most of Eufy’s robot vacuums do connect to WiFi and share some data back to Eufy through the Eufy Clean app. Consumer Reports found that Eufy lacked good publicly available information about what data their robot vacuums collects. It would be good to know exactly what data their robot vacuums collect.

According to Eufy’s privacy policy, they do say they can collect a good deal of personal information on you -- things like name, email, gender, birth date, location, device information, and more. And while Eufy says they don’t sell your personal information -- which is good -- they say they can use that information to show you ads from them and third party advertisers, which isn’t so good (but also pretty standard on the internet these days). They also say they can collect personal information on you from third parties who provide it to them, such as law enforcement authorities. This worries us a bit because the way that line in their privacy policy is written is rather vague and seems like it could leave open the possibility they could collect information on users from a variety of third parties, for example, data brokers.

It’s great we found no known security breaches of Eufy’s robot vacuums. Unfortunately, Eufy has had some significant security vulnerabilities with their security cameras. In June 2022, security experts found three security vulnerabilities in Eufy's Homebase 2 video storage and management device that could have allowed hackers to take control of the hub, control it remotely, or steal video footage. Eufy/Anker developed fixes for these security vulnerabilities and released them to users in a timely manner. And in May 2021, Eufy was forced to apologize for a bug that exposed the camera feeds of 712 users to strangers. Eufy said the glitch happened during a software update and “users were able to access video feeds from other users’ cameras.” Eufy said in a statement the glitch was fixed an hour after it was discovered.

So, the bad news is, Eufy’s security cameras have had some serious security issues. The good news is, Eufy as a company seems to have stepped up and immediately fixed these bugs and to get the updates out to their users quickly. While these security oopsies happened to their video cameras, not their robot vacuums, it’s a good reminder that bugs happen and software updates can go wrong, which wouldn’t be good for your robot vacuum (although, you’re probably less vulnerable to a bug in your robot vacuum than your security camera or smart lock).

What’s the worst that could happen? Well, it’s always possible someone could hack your WiFi and control your robot vacuum, sending it around your home mapping things and learning all about where your tables and chairs are. One way around this, you could always buy Eufy’s “dumb” robot vacuum, the RoboVac 11S, that doesn’t connect to WiFi at all. Sometimes dumb is good.

Tips to protect yourself

  • Use two-factor authentication
  • Limit your robot vacuum's data sharing
  • Use strong passwords
  • Keep your robot vacuum's firmware updated
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: No

App: No

Tracks location

Device: Can’t Determine

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for sharing personal data for advertisement and for combining users' data with data from third parties.

Eufy does not sell data. However, they share personal identifiers for advertisement purposes: "We do not Sell any personal information to third parties. In particular, we do not Sell the personal information of minors under 16 years of age. In the preceding 12 months, we have disclosed the following categories of personal information to the following categories of recipients: [...] Advertising networks, data analytics providers. - Personal Identifiers."

Eufy also combines users' data with data obtained from third parties: "We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; etc.)."

How can you control your data?

We ding this product because it is not clear all users have the same rights to access and delete their data. Eufy specifically mentions the right to delete data only for users based in California.

"Subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data...."

Data retention policies for Eufy are rather confusing, however Eufy does promise to delete or anonymised data once they do not need it any more:
"Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the relevant Personal Data; or
- anonymize the relevant Personal Data."

What is the company’s known track record of protecting users’ data?

Average

In June 2022, three security vulnerabilities were found in Eufy's Homebase 2 video storage and management device that could have allowed hackers to take control of the hub, control it remotely, or steal video footage. Eufy/Anker developed fixes for these secruity vulnerabilities and released them to users in a timely manner.

In May 2021, Eufy was forced to apologize for a bug that exposed the camera feeds of 712 users to strangers. Eufy said the glitch happened during a software update and “users were able to access video feeds from other users’ cameras.” Eufy said in a statement the glitch was fixed an hour after it was discovered.

Child Privacy Information

Our Sites, products, or services are not directed to children under the age of 13. As a result, our Sites, products, or services do not request or knowingly collect personal information from individuals under the age of 13. If you are not 13 or older, you should not visit or use our Sites, products, or services .

Can this product be used offline?

Yes

User-friendly privacy information?

Yes

Structured and concise

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

The built-in AI reduces the number of false alerts you receive by intelligently differentiating people from objects. It has features like pet detection, and even crying detection.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Yes

*privacy not included

Dive Deeper

Comments

Got a comment? Let us hear it.