Samsung Galaxy SmartTag 2

Warning: *privacy not included with this product

Samsung Galaxy SmartTag 2

Samsung
Bluetooth

Review date: Nov. 1, 2023

|
|

Mozilla says

|
People voted: Very creepy

The Galaxy SmartTag is a Bluetooth tracker that also lets you control some of your smart home devices with the click of a button. Cool. Pop this little puppy on your keychain and find your lost keys from up to 120 meters away. You can push a button on your phone to make the SmartTag play a sound to lead you right to that very important thing you lost. Or tap into the Galaxy Find Network help you find what you've lost if you're out of Bluetooth range. Before you buy though, know the SmartTags are only compatible with Samsung Galaxy phones and tablets. That's a little limiting. Oh, and Samsung is kinda terrible at privacy.

What could happen if something goes wrong?

Samsung's Galaxy SmartTags don't have the huge community network of devices helping track them that Apple's Airtags and Tile's trackers do. But, they’re working on it. In May 2023, they announced that they added millions of devices to their SmartThings Find network, growing it by 1.5 times since last year. Thankfully, just like other popular trackers, Samsung has taken some steps to help scan if an unknown SmartTag is nearby and tracking you, which is good. You should know that this setting has to be turned on, under "Unkown Tag Detection," then "Unkown tag alerts." Is this the best anti-stalking solution on the market? No. But because Samsung's network is not as vast as AirTags', they're not going to be as effective at long-range tracking. And because they're not as good at long-range tracking, SmartTags probably won't be the product of choice for bad actors.

Privacy-wise, it sure seems Samsung likes to collect a lot of data on users, not gonna lie (seriously, the children's data section in their Samsung account privacy policy seems nuts to us).. That might include your geolocation, browsing history, the super-broad "sensory information," and lots of other kinds of personal identifiable information. They can also create inferences about you (assumptions about your behavior and preferences) based on the other information they collect about you. Then, they say they can share (and possibly sell) some of that data around lots of places -- with affiliates, business partners, marketing partners, and “data analytics providers.” They also reserve the right to sell your data for advertising purposes. Tisk tisk. They also say they can share information about you “to law enforcement authorities … if required or permitted to do so by law or legal process.” Hmm. Since it’s not usually illegal to share your data, that wording leaves the door open for your information to be shared pretty much at their discretion.

Oh, and parents, if you have a child please don't create a Samsung account for them. As we mention above, what Samsung says they can collect and share on your child if you create an account for this is crazy. They say they can collect things like video, images, geolocation information, health information, calls and messages. And then they go on to say they can use that information about your child for things like " delivering content and responses tailored to your child and the way your child interacts with the services and features," and the broadly defined "To operate, evaluate and improve our business, including developing new products and services, managing our communications, analyzing our services and customer base, aggregating and anonymizing data, performing data analytics and undertaking accounting, auditing and other internal functions." That's not all though. They also say they can share your child's information with subsidiaries, affiliates, service providers, and "our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with certain Child Services". This all seems like a lot of potential collection and sharing of your child's personal information that you probably don't want collected and sold. Poor form, Samsung, and the many others who share personal data willy nilly.

Speaking of “nilly,” Samsung also accidentally leaked sensitive data to ChatGPT in early 2023 when their employees reportedly pasted code into the AI chatbot asking for help -- to check and optimize it. Samsung banned its use on all company devices and devices that connect to their network when they found out. It’s a good reminder for everyone that what you share with ChatGPT and most other chatbots is not private.

One last gripe? We did not get off on the right foot with Samsung. If you search for Samsung’s privacy policy, you’ll find a bunch of different results that link to different Samsung websites -- with different policies for their accounts and for their services and products which is kinda confusing because most people who have one probably have the other, too. We based this review on their most recently updated policy (and its Californian counterpart) that says it covers their connected devices and services. Privacy researchers sure do have confusing privacy policy ecosystems because it makes our jobs hard, and because we know if we're struggling to find and understand it when it's our job, what chance do consumers have when they have little time to sort through everything. Do better Samsung!

It’s finally silver lining time! It seems like Samsung might (but probably not) extend the rights that protect users under California’s stronger privacy law, CCPA, to all of the United States, since they call them “US Consumer Privacy Rights” and the form where you can request to access or delete your data lets you choose different states. And Samsung users in Europe have those rights by default thanks to their own privacy protection law, GDPR. If you want to exercise them, you can kick off the request by choosing your country here. Unfortunately though, Samsung doesn’t make that promise to all its users (even in the US) in their privacy policy. They say those rights are “subject to applicable law” so they’re not guaranteed no matter where you live. That’s a shame. And to put another damper on that potential silver lining -- completing that form to try and excercise your rights to have your data deleted is nearly impossible without a computer science degree. Again, Samsung, do better!

What could go wrong? Well, Samsung likes to show ads tailored to you through various ad networks, and say they do a lot of tracking of your online activities to do so. These little tags track the location of things you like tracked. They could help Samsung know you like to go bowling a lot, target you with ads for those ugly bowling shoes, you buy 8 pairs because, hey, why not, and then what are you going to do with 8 pairs of bowling shoes? OK, this is probably not likely, but also not impossible in our digital ad economy. Also, there are way worse things that could happen with all the huge amounts of data that Samsung collects on you. Especially given there not so great track record at protecting all that data.

Tips to protect yourself

  • Check the tips on how to know if someone is tracking you without your consent.
  • Use the Unknown Tag Search feature in Samsung SmartThings app, to be notified if you are being unwillingly tracked.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: No

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product since it combines data collected on you with data obtained from third parties including data brokers, shares personal data including location to third parties, and sells identifiers & online activity of users for cross-context behavioral advertising purposes. We also ding them for combining data they could receive about your from outside sources with all the data they already collect on you.

Samsung's Privacy Policy

"We may share your personal information with our subsidiaries and affiliates and with service providers who perform services for us. We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may share your personal information with our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with certain Services. This kind of sharing may be considered a “sale” under certain state privacy laws."

"We may obtain certain information about you from publicly or commercially-available sources and from third parties who perform services for us. We also may obtain other information about you, your devices, and your use of the Services, in ways we describe at the time we collect the information or otherwise with your consent."

"We may use and combine the information we collect about you from our Services with data from other services or features you use, your devices, and other sources as well as information about your online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services."

"Through certain Services, both we and various third parties may collect information about your online activities to provide you with advertising about products and services tailored to your individual interests."

"We may use the personal information we obtain to:
[...]
• provide ads, which may include targeted (or interest-based) ads delivered on your Samsung device or within certain Samsung-branded apps (where targeted or interest-based ads are available, if you turn off targeted or interest-based ads, you will receive generic ads);
• support our marketing activities and sales initiatives, and provide you with product and service recommendations;
[...]
• operate, evaluate, and improve our business, including developing new products and services, managing our communications, analyzing our Services and customer base, conducting market research, aggregating and anonymizing data, performing data analytics, and undertaking accounting, auditing, and other internal functions;

CALIFORNIA CONSUMER PRIVACY STATEMENT

"During the 12-month period prior to the effective date of this Statement, we may have obtained personal information about you from various sources, including:
<...>
• data brokers;
• online advertising networks and services;
• publicly and commercially available sources (as permitted by applicable law);
• for our business customers and vendor representatives, your employer."

We may sell or share for cross-context behavioral advertising purposes (and may have sold or shared during the 12-month period prior to the effective date of this Statement) the following categories of personal information about you to or with online advertising services:
• Identifiers
• Online Activity"

"During the 12-month period prior to the effective date of this Statement, we may have disclosed the following categories of personal information about you for a business purposes to the following categories of third parties:
• Identifiers: affiliates and subsidiaries, joint marketing partners, business partners, ad networks, internet service providers, data analytics providers, social networks, and operating systems and platforms
• Device Information: affiliates and subsidiaries, ad networks and business partners
• Online Activity (such as Service usage): affiliates and subsidiaries, business partners, and data analytics providers
• Commercial information (such as purchase information): affiliates and subsidiaries and business partners
• Geolocation: business partners"

How can you control your data?

It is not clear if all users regardless of location can get their data deleted.

Samsung's Privacy Policy

"Subject to applicable law and to the extent applicable to each Service, you may (1) request access to, or correction or deletion of, the personal information we maintain about you; (2) request that we limit our use and disclosure of your sensitive personal information; or (3) opt out of the (a) sale of your personal information, (b) sharing of your personal information for cross-context behavioral advertising purposes, or (c) processing of your personal information for targeted advertising purposes. In addition, subject to applicable law, you may receive, in a structured, commonly used and machine-readable format, certain of your personal information that you have provided to us. Subject to applicable law, you may have the right to have this information transmitted to another company, where it is technically feasible.

How to Submit a Request: To submit an access, deletion or correction request, click here or call us at 1-800-SAMSUNG (1-800-726-7864). To opt out of the (a) sale of your personal information, (b) sharing of your personal information for cross-context behavioral advertising purposes, or (c) processing of your personal information for targeted advertising purposes, click here or call us at 1-800-SAMSUNG (1-800-726-7864)."

What is the company’s known track record of protecting users’ data?

Needs Improvement

In April 2023, internal, sensitive data was leaked to ChatGPT from Samsung. As the result of the leak, Samsung banned use of generative AI tools at the company.

In early 2022, Samsung fell victim to the Lapsus$ cybergang, which boasted to have stolen 190 Gb of data from the tech giant. The data breach notice conspicuously notes that the breach “did not impact Social Security numbers or credit and debit card numbers.”TechCrunch asked Samsung if it collects and stores Social Security numbers and that this data is unaffected, but the company declined to say — only that the issue “did not impact” Social Security numbers. Samsung collects Social Security numbers as part of its financing options and as a requirement for users of Samsung Money.

In February, 2020, Samsung had a data breach on its UK customer account pages, affecting less than 150 people.

Child Privacy Information

Samsung account U.S. Privacy Notice
Children’s Section

This Children’s Section describes our personal information practices with respect to your child’s creation and use of a Samsung account, and the services and features available to your child (“Child Services”).

Information We Obtain From Your Child

When you first create a Samsung account for your child, we may ask you for certain information such as your child’s name, nickname, date of birth, gender, phone number, password and email address. When your child uses their Samsung account and the features and services available, we may collect information about your child’s device and connected devices and the Samsung apps, services and features they use. This information includes unique device identifiers, hardware, software, network (including connection and Bluetooth) and settings information, usage and log information (such as how long or when your child uses a certain device, app [including the list of apps installed on the device], service or feature, including third-party devices, apps, services, or features).

With a Samsung account, the following basic features will automatically be available to your child:

Samsung Cloud: Securely back up devices logged into with a Samsung account and sync data across Galaxy devices.
• SmartThings Find: Locate lost devices even when the device is not connected to a network, and protect data of lost devices.
• Group Sharing: Share a variety of content with family and friends on certain basic Samsung apps.
• Call & Text On Other Devices: Use your phone’s number to make and receive calls and texts on your other Samsung devices.
• Samsung Members:
o Quickly ask questions to customer service
o Connect with other Samsung account members on our Community Board

In addition, your child will be able to access the following Samsung apps through their Samsung account. Please click each app’s privacy notice (hyperlinked below) for information on how we may use and disclose the personal information we collect from your child through their use of the app.

Galaxy Store : Discover and download the best apps, as well as exclusive content and themes for your child’s Galaxy phone or tablet.
• Bixby Voice : Control services and features within Samsung devices using your voice.
• Galaxy Wearable : Use and control various Galaxy wearables, such as watches, bands and earbuds.
• SmartThings : Monitor and control connected devices within SmartThings, both inside and outside the home.
• Samsung Health : Track various types of fitness and health, such as nutrition and exercise.
• PENUP : Learn how to draw and enjoy coloring with various categories of coloring design.

Through the above features and apps, Samsung may collect the following information about or from your child:

Synced data, such as information we save for back-up purposes or that your child may choose to save to our cloud
• Contact lists when your child uses a certain feature that requires this information, such as the use of Group Sharing or certain capsules on Bixby Voice
• Downloaded, recommended, or played apps or games through or from the Galaxy Store, including when such apps are downloaded, installed, or deleted, as well as when your child starts, resumes, suspends, or finishes games or completes certain events within these games (e.g. tutorials)
• Information that gets passed through our servers to provide your child a service, such as calls and messages when providing the “Call & text on other devices” service
• Videos and images if your child connects a camera or other device through SmartThings that permits the taking of videos and images
• Information that gets provided to us and communications between your child and us or third parties, such as when your child contacts customer service or uses our Community Board
• Voice information, such as when your child makes voice commands using Bixby Voice
• Geolocation information
• Health information when your child uses Samsung Health and when a particular feature requires the collection of health information.

For child users with a Samsung account, Samsung enables children to make their personal information available publicly, for example, through postings to message boards.

We may use third-party analytics services on the above services, such as Google Analytics and Firebase Analytics. The information we obtain may be disclosed to, or collected directly by, these providers and other relevant third parties who use the information, for example, to evaluate the use of the above services or to help administer them. To learn more about Google Analytics, please visit https://www.google.com/policies/privacy/partners/. To learn more about Firebase Analytics, please visit https://firebase.google.com/policies/analytics/.

How We Use Your Child’s Information

We may use the information collected from your child for the following purposes:

To identify and authenticate your child so your child can use the Child Services
• To provide any of the Child Services, including any of their features. Such features may include syncing data, providing a location-based service such as finding a lost device, sharing information to other Samsung account users and other features available within the Child Services
• To improve and customize your child’s experience with the Child Services, such as delivering content and responses tailored to your child and the way your child interacts with the services and features
• To allow your child to interact with and use participating Samsung and third-party apps and services (such as when using a third-party service through one of the Child Services)
• To respond to requests, inquiries and instructions made through or about the Child Services
• To operate, evaluate and improve our business, including developing new products and services, managing our communications, analyzing our services and customer base, aggregating and anonymizing data, performing data analytics and undertaking accounting, auditing and other internal functions
• To protect against, identify and prevent fraud and other criminal activity, claims and other liabilities
• To comply with and enforce applicable legal requirements, relevant industry standards and our policies

Information Sharing of Children’s Information

We may share your child’s personal information with our subsidiaries and affiliates, as well as with service providers who perform services for us. We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may share your personal information with our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with certain Child Services.

We may share personal information we collect through the Child Services if you ask us to do so, or otherwise with your consent. We also may disclose information about your child in other circumstances, including:

To law enforcement authorities, government or public agencies or officials, regulators, and/or any other person or entity with appropriate legal authority or justification for receipt of such information, if required or permitted to do so by law or legal process
• When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity
• In the event we may or do sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation)

In addition, certain operators may collect or maintain your child’s personal information through your child’s use of their Samsung account and the Child Services. For a complete list of operators, including contact information for inquiries, click here.

Parents’ Rights

You have the option at any time to review or delete the personal information collected from your child. You may do so by submitting a request here.

You can also refuse to permit the further collection or use of your child’s personal information by deleting your child’s Samsung account. To do so, have your child log in to their Samsung account (https://account.samsung.com/membership/intro) then click “Leave Samsung account”. For certain services like Bixby Voice, Galaxy Wearable, SmartThings, or Samsung Members, you can go into your own Samsung account settings > Family > Select your child’s account > Allowed apps.

SAMSUNG PRIVACY POLICY FOR THE U.S.
Unless otherwise specified, the Services are designed for a general audience and are not directed at children. In connection with the Services, we do not knowingly solicit or collect personal information from children under the age of 13 without parental consent. If we learn that we have collected personal information from a child under age 13 without parental consent, we will either seek parental consent or promptly delete that information. If you believe that a child under age 13 may have provided us with personal information without parental consent, please contact us as specified in the How To Contact Us section of this Privacy Policy.

Can this product be used offline?

Yes

User-friendly privacy information?

No

Trying to find, navigate, read, and understand Samsung's various privacy policies is a nightmare.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

  • The Galaxy SmartTag2 is here with big improvements but still limited to Samsung devices
    Android Police
  • Samsung's New $30 SmartTag 2 Takes On Apple AirTags
    CNet
  • Samsung Bans Staff’s AI Use After Spotting ChatGPT Data Leak
    Bloomberg
  • Samsung bans use of generative AI tools like ChatGPT after April internal data leak
    TechCrunch
  • Galaxy users, take note: Samsung's probably selling your data
    JR Raphael
  • Samsung SmartThings Update Aims to Prevent Tracker-Based Stalking
    MacRumors
  • Samsung cops to data leak after unsolicited '1/1' Find my Mobile push notification
    The Register
  • I found my stolen Honda Civic using a Bluetooth tracker. It’s the latest controversial weapon against theft.
    The Washington Post
  • 5 Best AirTag Alter­na­tives for Android Users
    Guiding Tech

Comments

Got a comment? Let us hear it.