Wyze App appears to be sending tracking data to 3rd party. what is exactly?

I’ve started using Duck Duck Go’s app tracking on Android to see what my apps are sharing with different trackers and have discovered that Wyze sends tracking data to a 3rd party segment.io. Can you please explain exactly what information you are sending to segment.io from my wyze app and how this data is used or shared?

Recently Apple introduced App Tracking Transparency, a feature for iPhones and iPads that asks users in each app whether they want to allow third-party app tracking or not, with the vast majority of people opting-out. However, most smartphone users worldwide use Android, where no similar feature exists.

You can read more about DDG’s app tracking here: Introducing DuckDuckGo App Tracking Protection for Android

1 Like

Here you go.

3 Likes

At this point I’d rather see Wyze staff do a literal song and dance number (like Singing Detective) than offer more token-open disclosure.

They upload our user data to another county. And have been sued for it. The company and plaintiffs settled for a free wyze cam and be more diligent about security.

Source? Link?

 


 

Think he’s talking about the ThroughTek servers they later excluded?

Maybe so, maybe no. @Lm231 ?

It’s been a few days since anyone commented on this, and I do see where there was a response to data collection back in the middle of 2020.

But I just got my beta invitation to DuckDuckGo’s app tracking blocker on Friday the 28th, and Wyze is by FAR the worst offender of any app on my phone with respect to the number of blocked events.

In less than three full days, there have been 5,157 attempts to send data from my Wyze app to Segment.io, as compared to just 10 attempts total by the Wyze app to send data to Braze.

Thing is, I’ve only opened the Wyze app maybe twice in those three days. Granted, I have notifications turned on, so that may have something to do with it… But still, an app trying 1,800 times per day to send data out from my phone is concerning, even if most of those attempts might be just retries because it can no longer get through. Trying again in 10 or 15 minutes, I understand, but not nearly every 45 seconds.

I test mobile apps and firmware for a living. While apps aren’t my strongest area, I know what data we collect and it’s only when the app crashes, and is limited to the actions the user took on their way to when the crash occurred and the details of the crash itself. I can count on one hand the average number of such reports we get in the course of a month.

Maybe it’s innocuous, maybe not, but now that the curtain has been drawn back on that behavior, it’s not a great look. Perhaps someone can explain without PR spin why it is that the Wyze app seems to need so desperately to send data out to Segment.io? I admit to being quite curious about the answer.

1 Like

You should contact security@wyze.com for an explanation.

@Chief @dyker

If possible, give us a heads-up if you contact wyze security and they respond. I’ve been experimenting with the DDG beta utility and I’m getting tens of results (versus thousands) to the same trackers per day.

Just reporting, I understand YMMV… :slight_smile:

I take a rather aggressive approach to privacy.

My Macs haver LittleSnitch on them, which requires permission by application for each domain.

I opened that thurrott article in a private window, and in addition to itself, it loaded bootstrapcdn (not that rare), and multiple hits to tinymce.com,

I have most of the major trackers blocked, so I couldn’t tell you offhand if it tried to load any of those.

And the “privacy” browsers aren’t always what they seem. In spite of claiming to have removed the “chrome phoooone hoooome” to google stuff, even with nothing loaded, it makes several attempts an hour to go to naked IP addresses that resolve to google domains.

it is unfortunately and inexplicably common for sites to use an intermediary such as nursam(?) on the way to package tracking.

2 Likes