Google’s Home, Home Mini and Home Max place a futuristic virtual assistant in your home at a cost ranging from $49 to $399 — and your privacy. Google’s microphone-equipped speakers are packed with the Google Assistant, which can answer search queries, play songs and more. To summon the virtual assistant, the device is always listening for you to say, “OK, Google” or “Hey, Google.” Every sound following those two words gets sent up to the company’s cloud, except in the case of one Google Home reviewer’s unit.
In an Android Police review of the new Google Home Mini, writer Artem Russakovskii noted the speaker was recording him more than it should. What started out as one or two accidental wake-ups of the assistant turned into the Google speaker listening in 24/7, denoted by the indicator lights.
A video from the review shows the speaker turning on, despite Russakovskii never having said the magic words.
Google has since issued a response to this problem in the form of a support page. Its fix: Remove “top touch functionality,” which lets the user tap the top of the device to bring the assistant to attention. While owners of the Home Mini can no longer use that function to wake up the assistant, they can still say, “OK, Google” or “Hey, Google” to begin a query.
In an response sent to Mic via email, the Electronic Frontier Foundation noted that users should pay close attention to the potential risks of these gadgets.
This event should serve as a warning to users: Internet-connected devices, including ‘home assistants,’ inevitably pose a range of privacy and security risks. Tech companies must provide strong privacy protections to prevent these incidents and be held accountable when they flub it. We also need strong protections for security researchers so they can detect vulnerabilities in the technologies that we all use every day.
Google has done this before
Google was quick to correct its privacy overreach, but this isn’t the first time the company has collected more data than originally thought.
In 2010, it was discovered that Google’s street-mapping service searched through unsecured Wi-Fi networks to collect user data such as browser history, emails, financial records and more. The scandal, eventually known as Wi-Spy, was a breach of the Communications Act and the Wiretap Act.
The company admitted it made a mistake, but also said it was “not illegal to intercept data from unencrypted or non-password-protected Wi-Fi networks,” according to Wired.
The Wi-Spy scandal continues to haunt some of the company’s more recent projects, like Pokémon Go. While the game is made by Niantic Labs, Google is an investor in the company; Niantic CEO John Hanke was formerly the lead of Google’s Geo group, during which he oversaw everything from Google Maps and Google Earth to how the Street View collected data (and more) during the Wi-Spy scandal.
The location-based game ran into its own privacy problem when Niantic required full access to the Google accounts of Pokémon Go players, allowing them to read emails.
The bug making Android Police’s Google Home Mini unit eager to eavesdrop affected both Russakovskii’s device and those belonging to other reporters. However, Google’s quick response to the issue demonstrates that it is taking customer privacy very seriously — or, at the very least, shows that the company is listening to its users.