Chinese Air Fryers May Be Spying on Consumers, Which? Warns

Written by

A consumer rights group has warned UK shoppers to research their next electronics purchases carefully, after finding evidence of “excessive smart device surveillance” from Chinese air fryers and other products.

Which? claimed that smart air fryers from Xiaomi, Cosori and Aigostar all wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone.

The Xiaomi app linked to the smart device also connected to ad trackers from Facebook, TikTok’s Pangle ad network and Tencent, depending on the location of said user, the report claimed.

It also said that Aigostar wanted to know the gender and date of birth of the owner when setting up an owner account, and that both it and Xiaomi sent personal user data back to servers in China.

However, Cosori received the worst privacy score (41%) as it was marked down on consent, data security, tracking and data deletion.

Read more on smart products: UK Privacy Regulator Issues Black Friday Smart Device Warning.

Elsewhere, Which? claimed another Chinese vendor, Huawei, requested nine “risky” phone permissions for those setting up its Ultimate smart watch.

“Which? defines ‘risky’ as giving invasive access to parts of someone’s phone. These included precise location, the ability to record audio, access to stored files or an ability to see all other apps installed,” the consumer group noted.

“The company said all had a justified need. Huawei also said that no user data is used for marketing or advertising purposes. Which? found some trackers active on the Huawei watch, but Huawei said they are active only in certain regions.”

Products from non-Chinese vendors including Samsung, LG, Amazon and Google were also criticized in the report.

New ICO Rules Are Coming

“Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon, and this is often done with little or no transparency,” argued Which? magazine editor, Harry Rose.

“Which? has been calling for proper guidelines outlining what is expected of smart product manufacturers and the ICO has confirmed a code is being introduced in Spring 2025 – this must be backed by effective enforcement, including against companies that operate abroad.”

In a statement sent to Which? Xiaomi apparently argued that it follows all UK data protection laws, does not sell personal data to third parties, and that the audio recording permission is not applicable to its air fryer.

Aigostar declined to comment, while Cosori said its smart products follow the GDPR.

“Compared to smartphones and laptops, excessive data collection from household connected devices carries an even greater risk of data breaches: most people are not an even aware of the scale and volume of the data collected by these devices, even though they have access to personal/domestic environments,” argued Megha Kumar, chief product officer at consultancy firm CyXcel.

“Making matters trickier, most people use some of the connected devices for 5-10 years. People replace their smartphones more frequently than their fridge. There have been several cases where hackers have compromised the safety and security of individuals by hacking their digitally connected heating systems, for example.”

What’s hot on Infosecurity Magazine?