Bose Privacy Concerns Are your headphones spying on you?

Be careful about what you put to the test!

A few months ago Kyle Zak filed a case in which he claimed that his headphones were “spying” on him.  At first, I thought that this was outrageous – there was no way that Bose could be spying on me (after all – I love my QuietComfort 35 headphones)!

I decided see if Zak was correct.  I loaded up BurpSuite, pulled out my phone, downloaded Bose Connect, and started playing Pandora.  Of course at first I saw the basic traffic that I would expect to see with any app – standard update checks, data being sent for debugging purposes, etc.   I waited for the information to stop flowing, then opened Pandora.  Shortly after starting Pandora, I could see information about my music being sent to an external data analytics company.

Was Bose really that stupid?

I checked Bose Connect’s privacy policy.  Sure enough, the policy covered them for the update checks, debugging, analytics, etc.  So what’s the problem?  I was never prompted to accept the privacy policy when I installed the app.  Most apps, programs, etc prompt you to accept a End User License Agreement (EULA) and privacy policy when you install them.  Bose Connect did not.  I proceeded to check if there was a copy of the privacy policy that I could read prior to installing the app.  Neither the Google Play store or the Apple App store had a copy of the policy.  I even checked Bose’s website to try and find the policy, but it wasn’t there either.  (Even if they did have the privacy policy published, it would not be enough to be considered prior consent.)

Conclusion

I was shocked by the time I had concluded my research.  I never believed that a corporation as large as Bose could make such a serious mistake.  At the end of the day, I chose to uninstall Bose Connect.  They did come out with an update a few weeks later that allowed you to opt-out of the data sharing; however, I still choose to leave the app uninstalled.

To read my full findings, please visit  https://bscc.support/files/bc_privacy/bose_connect_privacy_evaluation.pdf.

 

About thegeekkid

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.