Smart devices are meant to simplify everyday life, but an investigation by Which? shows many popular products collect far more personal data than users would expect. From air fryers and smartwatches to speakers and TVs, these devices sometimes request invasive permissions, send data to remote servers, or embed third-party trackers—often with limited transparency. Below is a summary of the findings and the privacy risks associated with several common smart products.
Aigostar Smart Air Fryer
During setup, the Aigostar smart air fryer requires users to provide gender and date of birth—details that are unnecessary for the appliance’s core cooking functions. Its privacy policy also indicates the device sends data to servers in China, a fact many users are unlikely to notice. Overall, the app requests excessive permissions for a device whose primary role is to cook food.
Xiaomi Mi Smart Air Fryer
Xiaomi’s smart air fryer connects to major tracking services such as Facebook, Tencent, and Pangle, and the Xiaomi Home app requests location access and microphone permission. Xiaomi states mic access does not apply to that air fryer model, yet the permission prompt still appears during installation. The presence of large ad and analytics trackers raises concerns about how much user data is shared beyond the device maker.
Cosori CAF-LI401S Air Fryer
Cosori’s Wi‑Fi-enabled fryer tracks location and transmits data to remote servers. The company points to GDPR compliance, but GDPR protections don’t automatically extend to regions without equivalent laws, such as the U.S., where alternatives such as CCPA or explicit user opt-ins matter. Many users would consider the requested data excessive for a kitchen appliance.
Huawei Smartwatch Ultimate
The Huawei Smartwatch Ultimate requests nine high‑risk permissions, including audio recording, GPS location, and access to phone files. While the company argues these permissions support health and fitness features, a device that can access heart rate, location, and personal files can begin to feel more like a surveillance device than a simple wearable.
Kuzil Smartwatch
Kuzil watches provide little information about security updates and rely on users granting extensive permissions to function. Sold through mainstream marketplaces, they appear to be generic rebrands lacking strong support or clear privacy practices. If a user declines permissions, the watches often lose most smart features and revert to basic timekeeping.
WeurGhy Smartwatch
Functionally and visually similar to Kuzil models, WeurGhy watches also require acceptance of all permissions to operate properly. Which? researchers could not locate firmware update information or a reliable support channel. The lack of transparency and inability to operate without invasive permissions suggest these products prioritize quick sales over user privacy.
Hisense 40A4KTUK Smart TV
The Hisense TV does not appear to embed third‑party trackers, but it asks for a full postcode during setup. Hisense says this is used to provide localized content, yet requiring a detailed postal code is unnecessary for basic TV use. Compared with others in the group, it scored better on tracker use, though mandatory location details remain a concern.
Samsung EU43CU7100KXXU TV
Samsung’s accompanying app requests multiple high‑risk permissions, such as the ability to view other apps installed on the device. The TV’s software also contains Facebook and Google trackers. Samsung notes users can manage shared data, but the controls are only effective if users know where to find them and what to change.
Amazon Echo Pop
The Echo Pop offers options during setup to limit certain data sharing, a helpful feature not commonly found on smart devices. However, the device still requires an Amazon account—one that integrates Amazon’s own tracking and data collection. Users can manage and delete voice recordings, but doing so requires actively changing account and privacy settings.
Google Nest Mini (2nd Gen)
Use of the Nest Mini requires a Google account, and there is no straightforward way to opt out of data collection by default. Google points to Guest Mode as a privacy option, but it is not enabled automatically. Unless users proactively adjust settings, audio data, usage patterns, and other interactions are likely collected.
Bose Portable Home Speaker
Bose’s speaker requests fewer upfront permissions than some rivals but still includes multiple trackers—such as Urban Airship, Facebook, and Google—within its ecosystem. The company’s approach to obtaining explicit user consent could be clearer, and simply using the Bose app may result in more data being shared with advertising networks than users realize.
Xiaomi Home App
Beyond individual devices, the Xiaomi Home app itself includes aggressive tracking elements. Depending on the region, connections to Pangle and Tencent have been observed. The app can request microphone access even when voice features aren’t enabled, and Xiaomi’s privacy statements mention data sharing without always making clear how intrusive some permissions can be in practice.
Smart Light Bulbs
Budget smart bulbs from makers such as Gosund and Nooie have been flagged for collecting more data than necessary. Some models ask for location access merely to switch lights on and off, and their companion apps often include several third‑party trackers. Additionally, many of these vendors do not clearly state how long device updates or privacy protections will be maintained.
LG 43UR78006LK TV
LG allows users to skip entering a postcode, but its platform still integrates with trackers such as Facebook and Google. The company declined to comment on some of the privacy questions raised by researchers. Audits showed that smart TVs commonly display targeted ads and use viewer data to personalize advertising, which increases the amount of personal information processed.
Smart Baby Monitors
Several internet‑connected baby monitors, including some models from VTech and iBaby, have been found lacking in basic security. Issues highlighted in audits include weak default passwords, unencrypted video streams, and misconfigured cloud access, allowing unauthorized viewing. A 2023 Consumer Reports study demonstrated that, in some cases, hackers could access live feeds. Many manufacturers also fail to provide clear information about how long recordings are stored on cloud servers, increasing privacy and safety concerns for parents.
Overall, the Which? investigation underscores how many smart devices collect sensitive information or include tracking elements that go well beyond their core functions. Consumers should review device permissions, app settings, and privacy policies carefully, and consider whether the convenience of connected devices justifies the personal data they may share.