HomePod: It's Apple's Turn
Updated: Feb 19, 2019
In recent blogs, we have covered security risks on the Amazon Echo and the Google Home. Now it is time to test the Apple HomePod. What are its strengths, what are its weaknesses, and what can we do to minimize the risks associated with being a user?
The Apple HomePod is the newest sibling in the Home Assistant trio. The Amazon Echo was the first to grace the technological world with its presence, followed quickly by the Google Home. Apple’s HomePod was not even released until earlier this year. As the youngest sibling, we should reasonably expect the Apple HomePod to be an advancement/improvement on its older siblings. On the flip side, we should expect to find a few areas where it is not as advanced as the Amazon Echo and Google Home.
The biggest complaint against the Apple HomePod when compared to Amazon and Google is convenience. The Apple HomePod is really only proficient at the weather, text messages, and other minor details; compared to Google and Amazon which can do just about anything (within reason- they are only speakers, after all). At first, we may want to jump on that fact alone and just make our decision toward Google or Amazon. However, before you take that leap, let us question why. Apple is not as convenient for the simple fact that it is more secure! Apple is very strict about what it allows the Home Pod to connect to, thus making it much more secure, but also less skilled.
One of the easiest ways to see this is in what the three companies do with your voice command data. For both Amazon and Google, your data is encrypted in transit and at rest; however, the voice commands are linked to your Amazon or Google account. Now, on this same topic, it is possible to set up a separate Google account for your Home Device, while you cannot do this for your Amazon Echo. However, if the government were to come to Amazon or Google and ask for your information, they could point them straight to your account. On top of that, Amazon and Google store your commands until you manually delete them, and even then, both try to discourage deletion, as it will degrade your Home device experience.
What about Apple? HomePod data is encrypted just like Siri, so there is relatively no threat of someone stealing your command data in transit for any of the three devices. Unlike Google and Amazon however, data from Apple’s HomePod is made anonymous. There is no name or Apple ID tied to the commands. The recordings are saved anonymously for six months on voice recognition servers to improve Siri but with random and rotating IDs. After that, the commands are automatically deleted. A copy, with no identifiers is saved to help improve Siri for two years.
While the Apple HomePod is absolutely more secure than either the Google Home or the Amazon Echo, there is one security glitch (that is fixable). Siri does not recognize different voices, so anyone can read and/or send your text messages if you, the primary user, are within range of the device. However, this is a relatively minor flaw and can be fixed. To fix this, there are two options. 1) You can disable personal requests completely, but this will make it impossible for even you to send and receive texts; or 2) You can require authentication for secure requests. This will allow you to send and receive texts, but it will require some form of authentication first. This prevents your children or strangers from wreaking havoc through your text messages.
Home App > Location icon > Siri on HomePod > Personal Requests > either switch them off or click require authentication.