Wyze Robot Vacuum

Warning: *privacy not included with this product

Wyze
Wi-Fi

Review date: Nov. 1, 2023

Mozilla says

People voted: Somewhat creepy

LiDAR! Everyone needs a vacuum with LiDAR! LiDAR is basically a spinning laser on top of your vacuum that spins around 6 times a second mapping out your home to 2,016 points in your room. Cool! LiDAR mapping is generally a safer bet than cameras in your home. However, researchers found that LiDAR robot vacuums can be hacked and used to spy on voice conversations, even without a microphone. Creepy! The Wyze App allows users to set virtual boundaries to keep the vacuum away from off-limits areas. Want to vacuum while you are away from home? Use the app to track your vacuum in real time as it cruises around your house. So, how is Wyze at privacy and security? Well, not so great, we're afraid.

What could happen if something goes wrong?

Oof, Wyze! What happened? You went from being a fairly OK, affordable smart home company to quite a questionable one in just a couple of years. Not good. In fact, we must warn you that some Wyze products -- particularly their security cams -- likely come with *Privacy Not Included.

Let's start with Wyze's last couple of very checkered years when it comes to security and protecting the sensitive personal information their security cams can collect through video and audio. First, in 2022, security researchers at the publication Bitdefender "found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reports followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and for not communicating with users promptly about this vulnerability.

That was in 2022, and then again in 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their users' cameras to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This led the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras. All this, on top of Wyze's massive data leak in 2019 that exposed the personal information of 2.4 million customers when they left a database unprotected for 22 days.

So, Wyze's security cameras have a pretty bad track record at security and privacy. That's not good. What about Wyze's privacy policy for their other smart home devices? Is it any better? Not really. Wyze says they can collect a ton of information on you -- lots of personal information, usage information when you use their devices, tracking information, and they even say they can gather more information about you from third party sources. They say they can use all this information to do things like build inferences on you to target you with advertising. And, they say that they can share and even "sell" (under the California privacy law CCPA definition of sell) some of your personal information -- including personally identifying information and inferences about you -- to third party advertisers for targeted advertising purposes. Not very private at all.

Wyze also says they can share de-identified or aggregated information with third parties, which is pretty common and not always a concern. Although it’s a good time to remind you that it’s been found to be pretty easy to re-identify some types of de-identified data and track down an individual’s patterns, especially with location data.

On top of Wyze's bad track record and not-so-great data collecting and sharing policies, Wyze has a few more privacy gripes we'd like to pick. First, Wyze doesn't guarantee everyone the right to have all this data they collect on you deleted. They also don't make any mention of how they handle children's data in their privacy policy, which is really bad form. Also, they straight up seem to make claims that aren't factual on the Data Safety page for the Wyze app in the Google Play Store, when they state that they don't share data with third parties (according to their privacy policy, they do) and that the app doesn't collect any user data (pretty sure it does). (Sidenote: The Google Play Store Data Safety pages have a whole host of problems we talk more about here.) Oh, one more thing we found that raised our eyebrows as we were looking into Wyze -- the Wyze app you use to control Wyze's smart home devices asks for permission to read your text messages (and control your flashlight). That seems a bit weird to us. We're not sure we want Wyze to read our text messages...or control our flashlight. None of these privacy no-nos makes us feel great about Wyze's privacy practices.

So, what's the worst that could happen? Well, the worst probably already has happened for those poor Wyze users whose cameras were exposed and open to strangers on the internet to spy inside their home without their knowledge. That is very bad. Unfortunately Wyze seems to have gone from an affordable smart home company without too many privacy and security issues, to one of the worst offenders on the market with recurring issues. Our recommendation is to beware that your Wyze smart home devices could come with *privacy not included.

Tips to protect yourself

  • Review Wyze's recommendations to keep your account secure
  • Check Wyze security & trust tips
  • Be very careful who you choose to share your Wyze wellness data with.
  • Don't connect your Wyze app to any social networks like Facebook.
  • Enable two-factor authentication
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for collecting information about you from third party sources to use for targeted advertising purposes and for the sharing and potentially "selling" personal information to third parties for targeted advertising purposes.

Wyze Privacy Policy

"....we process personal information to understand and improve your experience with our Services and to serve you advertisements on non-Wyze properties. Some of these activities may be considered “sales” or “sharing” of your personal information or “targeted advertising” under the law that applies to you. Depending on where you reside, you may have the right to opt out of targeted advertising, sharing, and sales of your personal information."

"California requires certain disclosures about Personal Information we “sell.” Under California law “sale” means certain scenarios in which Wyze has disclosed Personal Information with third parties in exchange for valuable consideration. In addition, California and other state privacy laws define “sale” to include disclosure of Personal Information with third parties for monetary consideration. Under California law, the “sharing” described below constitutes a “sale.” Accordingly, Wyze “sells” Personal Information as described in the Sharing section below."

"We may also use the information we collect to: ...
Personalize your experience with us; ...
Target advertisements to you on third-party platforms and websites ...
Target advertising to you when you use our Services based on information provided by our advertising partners ...
Create de-identified, anonymized, or aggregated information; and
Carry out any other purpose described to you at the time the information was collected."

"We obtain information about you from other sources. For example, we may collect information from publicly available sources, from third-party platforms through which you interact with us, and other third parties in connection with your purchase of or feedback regarding any of our products or services via those third parties. This information includes information about your purchase of a Device, information from reviews you post, your username and profile picture for those third-party services, and demographic information."

"We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are looking to purchase certain products based on your browsing behavior and past purchases."

"We may disclose aggregated or de-identified information that cannot reasonably be used to identify you. Wyze processes, maintains, and uses this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law."

"Location Information
When you first launch our mobile app, you will be asked to consent to the app’s collection of precise location information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. If you do so, our mobile apps, or certain features, may no longer function properly. You may also stop our collection of this information by deleting our app from your mobile device."

How can you control your data?

It is unclear if all users regardless of location can get their data deleted.

Wyze Privacy Policy

"Depending on where you reside, you may have the right to (1) request to know more about and access your personal information, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information."

"We store personal data associated with your account for as long as your account remains active. If you close your account, we will delete your account data within 30 days; otherwise, we will delete your account data after three years of inactivity. We store other personal data for as long as necessary to carry out the purposes for which we originally collected it and for other business purposes explained in this Privacy Policy."

"You may update certain account profile information you provide to us by logging into your account. If you wish to delete your account, please email us at [email protected], but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time."

"When you first launch our mobile app, you will be asked to consent to the app’s collection of precise location information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. If you do so, our mobile apps, or certain features, may no longer function properly. You may also stop our collection of this information by deleting our app from your mobile device."

What is the company’s known track record of protecting users’ data?

Bad

In 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their users' cameras to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This led the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras.

In 2022, cybersecurity publication Bitdefender reported that their security researchers "found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reports followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and for not communicating with users promptly about this vulnerability.

In 2019, a massive data leak happened at Wyze, exposing information from 2.4M customers.

Child Privacy Information

We could find no mention of children-specific data privacy policies in Wyze's privacy statement. This is not good.

Can this product be used offline?

No

User-friendly privacy information?

No

Wyze's Privacy Policy lacks a lot of information and can be confusing at times. There was also no mention of any child-specific data privacy policies, which is not good.

Links to privacy information

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

You can submit security vulnerabilities to Wyze: https://wyze.com/security-report

Does the product use AI?

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Person detection through computer vision implementation.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine
