Why Apple needs HomePod to be as safe as houses

Before connecting an Apple HomePod or any smart home device, you must first think about privacy and security.

Apple, HomePod, iOS, security, privacy

I’ve been using a HomePod system this week. I’m planning to write more about it, but today I wanted to discuss what everyone considering connected smart home devices should think about first: privacy and security.

Your life on view

Smart home devices communicate with each other.

They also communicate with their manufacturers, and this means significant insights can be gathered by anyone who succeeds in monitoring this informational flow.

The best report I’ve read explaining the potential consequences of the kind of information revealed by this data is here. (It’s a shame more in the tech industry aren’t willing to explain these risks. I think they are being irresponsible at best.)

Among other smart home horrors, the article describes a situation in which a video security camera picked up images of a person in their home and broadcast them online in a format in which anyone with access to that data (such as your ISP) could then see. (This wouldn’t happen in a HomeKit home, as p.27 of Apple’s recently updated iOS Security White paper confirms.)

Taking control

The problem is control. You may own the smart device, but you do not get to control what information is being shared by it, and you aren’t given any insight into this when you purchase the thing.

That’s not the case with HomePod.

Apple has made sure you do know what the privacy consequences of the product are. It has also provided several ways you can control security and privacy using the device.

When you ask Siri something, Apple’s systems will share only as much personal information as is required to achieve the request.

Not only that, but unlike other smart systems, Siri is not listening to and recording everything you say — only when you ask it something with the trigger phrase “Hey, Siri.”

That’s a big difference. Information held on Amazon’s servers is not anonymous, while Google Home data is stored until a user actively deletes it from their account.

Critics claim Apple is missing a competitive advantage because it doesn’t aggregate all the customer data it could potentially collect.

I don’t agree.

Apple is creating a far more powerful advantage in the long term.

How does Apple HomePod work?

Apple has provided protections to limit what HomePod does hear and then applies further limits on how that data is kept, stored and shared.

“Privacy and security are of utmost importance to our customers. Siri on HomePod is equally as private and secure as it is on our other devices. The detection of “Hey Siri” happens on device, so nothing is sent to Apple until that trigger is detected and the Siri waveform lights up. At that time, the request is sent to Apple using an anonymous Siri ID, and, of course, that communication is all encrypted,” the company says.

There’s more to this.

User voice recordings are saved for six months to help Siri get better at recognizing your voice. “After six months, another copy is saved, without its identifier, for use by Apple in improving and developing Siri for up to two years,” it explains in its iOS security white paper.

“A small subset of recordings, transcripts, and associated data without identifiers may continue to be used by Apple for ongoing improvement and quality assurance of Siri beyond two years.”

There are a number of other built-in privacy protections in HomePod.

You can switch Siri off entirely — just ask Siri to “Stop listening” and it will be switched off until you manually enable it again. You can also create HomeKit “Scenes” that disable the feature, and — unlike some other so-called smart speakers — HomePod is not listening to and recording every word you state.

Notes about HomePod setup

When setting up your HomePod, there are some important things to consider:

  • During the setup process, you can decide how to handle what the system calls Personal Requests. Turn this on, and anyone in range of the system will be able to access and send text messages, create notes, reminders and other tasks — but all these Personal Requests go through your account. If privacy matters to you, you’ll want to disable this.
  • The system only works on the iCloud account belonging to the person that set it up. When it comes to sending messages, contacts and other information, you can decide to let everyone do so or no one at all. Siri will call out notifications, including text messages and calendar appointments, only when the registered Apple ID owner is on the same network as the HomePod, but you can choose to disable this feature.

Apple has also created tools you can use to limit AirPlay playback on HomePod. Open the Home app on your iOS device, and you can control who can stream sounds to the speaker:

  • Everyone
  • Those on the same network
  • A defined set of people

Safe as houses

Apple is very serious about the smart home.

I hear it has built smart rooms at key locations in which it discusses some of its offerings in the space. These spaces include things like smart blinds, smart kitchen equipment and more. The company knows the challenges of smart connected devices, and it seems quite clear that it is looking to build smart home systems that provide privacy and security, as well as convenience.

HomePod is a poster child for the company’s growing smart home vision.

“Our vision is you can just walk into a room, the Homepod will be there and you can just say turn on the lights, close the curtains and whatever you like to do and it will do that. It has a very important role to the smart home in the future for Apple,” said Phil Schiller in 2017.

Apple’s focus on privacy within smart homes is only going to become more important. Customers are not stupid.

Word spreads over time, and one of the conversations consumers are having will be privacy and security in the smart home. (As well as the actual hassle of building, deploying and managing one of those electric palaces.)

As consumers (and enterprise users) grow to understand the risks of this connected infrastructure, public opinion will harden against those firms in the space that do not deliver the kind of privacy and security they expect in their offices and homes. Giving them anything less is not just a disservice to those customers, but utterly irresponsible — and guarantees those customers won't come back.

Apple's recognition of this is why HomePod wins the long game.

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and get involved with the conversation as we pursue the spirit of the New Model Apple?

Got a story? Please drop me a line via Twitter and let me know. I'd like it if you chose to follow me there so I can let you know about new articles I publish and reports I find.

Copyright © 2018 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon