Pet technology, meant to provide assistance and security for pets and owners, has its own weaknesses.

Pet owners are increasingly turning to technology for various pet care purposes such as feeding, health and activity monitoring and motion tracking. Much of this technology works through devices and apps connected to the Internet of Things (IoT), thereby presenting privacy and security risks to those who use them.

What are the risks, how serious are they, and what steps have pet owners taken to protect themselves?

These issues and questions are the subject of a new study titled “Security and privacy of pet technologies: actual risks versus user perspective” by a research team from the UK’s Newcastle University and at the University of London. It was published in Frontiers in the Internet of Things.

Technologies are available for many aspects of pet care. Owners can use apps and devices to feed their animals remotely; give them water and medicine; play with them (eg automatic ball launchers for dogs); watch and listen to them directly through the cameras; and through wearables, monitor their activity and track their movements via GPS.

However, despite pet tech’s projected market value of $3.7 billion by 2026, few studies to date have specifically addressed its privacy and security. Its functionality through IoT means that in the event of a security breach, an owner’s personal information—such as their address and details on household residents, including pets and children— may be exposed; or that an app or device assigned an important function—such as a medicine dispenser—can be misused or simply shut down.

In this new investigation, researchers first examined the privacy and security practices and vulnerabilities of 20 commonly used pet tech apps, and then surveyed a group of 593 users from Germany, the UK and US to find out which technology they use; their experiences with its security vulnerabilities; their awareness, needs, and concerns about it; and the steps they take to protect themselves and their pets.

The researchers also conducted a detailed analysis of legislation from seven European countries, the European Union, and the US state of California addressing animal welfare and privacy for specific mentions of pet technology. on privacy and security. Finally, the team compared users’ perceptions and concerns about the technology with its actual risks.

A lack of regulation and lax security in technology

Among the notable findings, the assessment found that contrary to laws that regulate the use of technology to collect and store data related to the person, almost no legal regulation exists to set privacy standards and security in the field of pet technology. The team confirmed this through discussions with animal technology experts in both academia and industry.

The implications of this gap are profound. The newspaper states, “Due to the lack of regulation, animal applications that do not store any data related to humans do not have to follow the same restrictions as apps designed for humans. However , many of these apps collect data about people or data related to the actions of individuals.”

In fact, the team found that two of the 20 apps they looked at “had user login details visible in plain text within unsecured HTTP traffic,” according to the paper. They also found that one of these apps would allow a bad actor to determine the exact location of a user’s pet, and both provided a lot of detailed information about users (name, address, phone number, email) and their pets (health conditions. , medications, and more).

The researchers contacted the companies behind both apps about these vulnerabilities. One company subsequently implemented HTTPS encryption for its communications; the other didn’t answer.

Inability to agree to privacy policies

Nineteen of the 20 apps also included at least one form of tracking software, and 14 of them began tracking users before they were given the opportunity to consent.

Regarding privacy, only one of the 20 apps clearly displayed the privacy policy to users and asked them to indicate their agreement.

Nine others did not mention or display any privacy policy upon user registration, and another 10 only provided a link to a privacy policy without displaying it. This violates the EU’s 2018 General Data Protection Regulation (GDPR; one of the legal rules included in the team’s assessment), which states that user consent must be given for user data to be processed.

Furthermore, the paper said, “None of the apps allow the user to reject the privacy policy and continue using the app,” which also violates the GDPR.

Respondents’ experiences and predictions

There were 199 participants from the UK, 197 from the US, and 197 from Germany. Of these, 511 were confirmed using some type of pet tech; the most common include automatic feeders, cameras, GPS/location trackers, and microchips. Many participants also reported using smart toys and mobile apps for health monitoring.

Notably, of the commonly reported incidents, there were 132 reports of devices that stopped working and 35 respondents who reported being unable to access their accounts. Nine respondents reported data leaks, seven reported damage to their pets, and six reported someone else had accessed their account.

None of the respondents reported specific incidents of injury to a human user, and in fact there were 409 affirmative responses of “none” regarding injury to a person.

But when it comes to predictions, more respondents (330) believe they may experience a device malfunction than those who thought they might encounter a data leak (287), inability to access their account ( 146), unauthorized access to someone else’s account (136), or harm to their pet (95) or themselves (44).

Respondent privacy and security precautions

Although few survey respondents reported experiencing actual privacy or security incidents, many more believed they could happen. But the researchers noted that fewer respondents reported taking similar security measures specifically with their pet tech than they usually do.

This is true on a case-by-case basis for questions about two-factor authentication, unique account passwords, strong passwords, performing system updates, backing up data, and taking any precautions security compared to nothing.

What is needed next?

The researchers concluded with several recommendations for providing more and improved safety information to users of IoT devices and pet tech, stronger regulation of such technology, and privacy and security improvements to the technology itself.

They also called for further research in this field “in the hope of offering practical solutions to improve the quality of life of animals and their owners without any risk and fear of security, privacy, and safety of both animals and owners.”