Update Dec 21, 2022: Eufy has issued a new statement regarding claims against the company.
What you need to know
- Eufy has begun removing and changing the wording of its own privacy and security policies from its website.
- The company has yet to fully address security issues found over two weeks ago.
- Eufy previously had camera footage privacy breaches in May 2021, further compounding issues with the company's products.
Over the past month, Eufy has gone from a darling brand of many tech sites and mainstream outlets — including Android Central — to a brand whose trust evaporated nearly overnight. After the events of late November and the previous year's similar issues, Android Central moved to an official "no recommendation" stance on Eufy products.
We're now upgrading that to a warning that Eufy users should remove all Eufy cameras they have set up on their premises. We have a list of the best Eufy camera alternatives if you want to replace them with something more reputable, including recommendations for price, local storage, and object detection requirements.
Why did the recommendation change? It's come to light that Eufy has begun removing security and privacy promises from its own website instead of actually addressing the issues put forth against the company's products (per The Verge). If you view the company's website on archive.org and then compare it with the current Eufy Privacy Commitment page, you'll notice several parts of the site have been changed. Here's a collection of all the major changes we found:
Among the many changes on Eufy's Privacy Policy site, we found these three to be the most heinous. Some of the wording on many of the company's policies seems to have been changed to enhance clarity but these three examples are outright changes to policies, not just clarifications.
Additionally, Eufy completely removed the policy around sharing footage with law enforcement entirely.
As Eufy has begun to change its promises and backtrack on company policies, Android Central is officially recommending that Eufy users begin sunsetting their Eufy cameras as soon as possible. The company has not responded to Android Central's requests since after the initial November incidents which already sends up red flags about Eufy's behavior.
Additionally, changing key terms of service or privacy and security commitments completely erodes any remaining trust in the company's products. Even if these policy changes don't bother you right now, there's no telling what else Eufy will backtrack on or what it might change in the future.
Update
Eufy has issued a new statement outlining the claims made against the company's products and, in detail, attempted to explain everything that's been happening over the past month since the original allegations of security issues appeared.
Firstly, Eufy notes that it has fixed the language in its app to show when cloud services are being used and when data is being kept on local storage. This was done shortly after our initial post in late November.
Second, Eufy says it patched the issue with its web portal that allowed anyone to view live camera feeds with the right URL. We have not independently verified this but will do our best to do so.
Third, Eufy overhauled the process in which facial recognition images are sent from the camera to a user's phone. Previously — as was noted in our initial report and Paul Moore's proof of concept — Eufy sent a facial recognition image to its AWS cloud system in order to send a notification with that image to a user's devices.
Now, Eufy says its system establishes a private P2P connection between your camera and your phone via the Eufy Security app. Again, we'll need to verify that this is the case but, if it proves to be correct, this is a substantial improvement in user privacy and data safety over the old method.
Google's Nest Cam (battery) offers months-long battery life, onboard people, package, animal, and vehicle detection, and free 3-hour video history without the need for a subscription.
