UK consumer champion Which? wants you to know that your air fryer might be spying on you and sharing your data with third parties for marketing purposes.
The perhaps not-so-surprising findings from the buyer’s friend are that smart devices in general are engaged in surveillance of their owners, and that data collection often goes “well beyond” what is necessary for the functioning of the product.
Although Which? is a UK organization – a wholly owned subsidiary of the Consumers’ Association – its findings will apply just as much to devices sold in other countries.
Testing out products across four categories, the outfit discovered that all three air fryers it looked at wanted permission to record audio on the user’s phone, for no specified reason.
One wanted to know gender and date of birth when setting up an owner account, while the Xiaomi app linked to its air fryer was found to be connected with trackers from Facebook, Pangle (the ad network of TikTok for Business), and Chinese tech giant Tencent.
Air fryers from brands Aigostar and Xiaomi both sent the owner’s personal data to servers in China – although this was flagged in the privacy notice, for what it’s worth.
This prompts the obvious question: why the heck would you want an air fryer that connects to other devices?
The other categories of hardware that Which? looked at were smartwatches, smart speakers, and smart TVs.
Its analysis of smart speakers praised the Amazon Echo for offering the option to skip various requests to share data. However, an Amazon or Google account is needed to use the Echo Pop or Nest Mini, and while these have trackers that the researchers expected to see, users cannot selectively opt out of them.
Which? said that the Bose Home Portable speaker and app requested the fewest upfront phone permissions, but was found to be “stuffed with trackers,” including Facebook, Google, and digital marketing firm Urbanairship.
For those masochists interested in a smartwatch, the researchers found that two available from Amazon – Kuzil and WeurGhy – are essentially the same product. These required privacy consent to operate, only functioning as a plain watch if consent is declined.
Huawei’s Ultimate smartwatch also requires privacy consent to work properly, and requested no fewer than nine “risky” phone permissions. These are defined by Which? as those that confer intimate access to certain phone functions, including precise location, the ability to record audio, access to stored files, and an ability to see all other apps installed.
Which? reports that smart TVs are “littered with ads and thirsty for user data.” It found that Hisense and Samsung TVs required a postcode at setup, though both companies said it was only for content localization. Samsung claimed supplying a postcode was not mandatory but the researchers said that it appeared otherwise.
We need to talk about criminal adversaries who want you to eat undercooked onion rings
Samsung’s TV phone app also requested eight risky permissions, including being able to see all the other apps installed. The app from Hisense did not appear to connect to any trackers, while Samsung and LG linked to a number of them, including Facebook and Google.
All of the devices on test wanted to know the precise location of the user, the researchers found.
“Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon, and this is often done with little or no transparency,” said Which? magazine editor Harry Rose.
In the UK, the Information Commissioner’s Office (ICO), which oversees data protection, is due to publish new guidance for smart products sometime in spring 2025.
However, as Which? states, this must be backed by effective enforcement, including against companies that operate abroad. ®