I got an REV Ritter remote-controlled power switch for my birthday. Wohoo! I had some of these remote-controlled switches about 10 years ago but they were RF-controlled. They’ve long since passed-away(take note if you’re investing in home automation electronics. 10 years goes by very quickly.) This one is WiFi controlled and has an app called G-Homa by a company based in China – Everflourish Electrical. There’s a problem though. A big one. Privacy alert!
We’re almost talking Internet of Things here but not quite because this WiFi power switch only works on a local network. Actually that’s fine by me because I don’t want a gateway to my lighting or heating being exposed to the Internet. The problem here is that the application goes completely overboard in asking for permissions that are just not required. Remember, this is a device that someone has already bought and there’s no indication on the package that the application that enables the use of the switch requires locations data, access to images, identity, media files, camera, my locations and even my device ID. YOU HAVE GOT TO BE JOKING Everflourish Electrical!
Here’s a nice line from their privacy policy:
“If you consent, certain apps may collect information about your location. If you do not want this information collected, do not consent…”
Can I just add that if you don’t consent, you can’t use the product you already bought!!!
Note that personal data collect may be shared with ‘business partners’, ‘authorized third-party agents’, ‘service providers’. ‘government’ (one must assume the Chinese government)..Well, there’s a loophole for everything in there!
This is not the end of it. This application, that requires just local network access, is also asking me to register my email address and a password on their website.
I nearly fell over when I saw that.
What is this company up to? It’s typical of a lot of apps and it applies across the board (although I feel that Android apps are the worst.) The reason? Most likely laziness. Likely a thought about future features and sometimes, nefarious reasons. That data is worth money and can help plan future products and marketing.
But it’s not required and over steps the mark. I will not let you know where I’ve installed my WiFi-controlled power switch and whether it’s on or not. Why the heck do you need access to my images. No doubt there’s a WiFi camera in the works that needs to relay images. That’s fair enough when I buy that product but I will not install a proxy into my device ID and call details, location and identity, my identity!, for a company that I’ve never even heard of before, that operates out of China!
And you shouldn’t too. G-Homa is one example but there are many others so be careful when you install apps. Check permissions and if it doesn’t feel right, don’t install the app. Send an email to the company to let them know what you think (and to give them a chance to explain) and return the product.
One good thing came out of this though – I learnt something about home automation. It’s possible that G-Homa is using the open-source HomA / MQTT solution. In which case I might be able to set up a local ‘broker.’ Looks like I’ve got a little project ahead of me, but I won’t be controlling my devices by WiFi today!