If you have a smart speaker like the Amazon Echo or one of Google's Home devices, you should think twice about installing supplementary apps, Lifehacker writes. The is because vulnerabilities in those devices, which could allow phishing or eavesdropping by a "malicious developer," have yet to be fixed. You could therefore be potentially allowing important security info to be stolen. These unethical developers have ways of getting around Amazon and Google's security reviews, including inserting common trigger words like "goodbye" to start recording you, and then sending the data back to them. Luckily, there are three things you can do to keep your smart speaker from spying on you:
- Stick to skills and actions from known developers who are already vetted.For example, get your sports skills from ESPN, or some other known sports quantity. Check the reviews, and avoid a skill from some random place that was just created last week.
- Look at your smart speaker from time to time. Don't just assume that the end of a response, like a dinging sound, means that your speaker is done processing. Learn what your device's physical signals actually are, and then test it with third party apps. If it stays active in some weird way when it shouldn't, then something may be off.
- Prune you skills and actions. Get rid of stuff you never use, or at least remove their ability to access your device or account. Don't let unused integrations pile up.