HomeKit devices are advertised by Apple as very secure. In addition, it is constantly emphasized that privacy is respected and particularly well protected. But is this really true? Or should you still be careful and even adjust things manually? This much can be said up front: no matter what you do, sooner or later your data will leave your sphere of influence anyway.
HomeKit is not a seal of quality.
The first point always comes as a surprise to many Apple users. Many believe that when a product carries a HomeKit logo, Apple cares about its quality. Unfortunately that is not the case. And so it may well be that you have fairly cheap devices that do not match Apple’s usual quality standards. For business reasons, Apple decided against manufacturing HomeKit devices itself: the margins are simply too small for Apple’s requirements. Therefore, Apple only provides the HomeKit standard for the devices to work together.
And that’s exactly what a HomeKit logo describes: that a device is compatible with Apple’s Smart Home System. An equivalent would be to say that a software program runs on macOS. It says nothing at all about the quality, data protection or other properties.
HomeKit devices do not necessarily have to work 100%.
Apple's HomeKit standard specifies various functions that the corresponding devices should be able to perform. In practice, however, there are usually clear deviations, and no pattern is recognizable.
This is particularly the case with HomeKit cameras. With our Eufy model, for example, both activity zones and blacked-out privacy areas can be defined in the manufacturer's own app. In HomeKit, however, only the blacked-out privacy area is carried over. The activity zones have to be set up again in HomeKit, and ironically they are then not respected.
The Aqara G2H security camera behaves in a similar way: HomeKit offers the option to switch off the status LED and the night vision function. However, the camera does not react to it, no matter what you set. The manufacturer app must be used for this. So there are also functions that exist in both places but simply don't work in HomeKit (hopefully only until some future update).
It usually doesn’t work without the manufacturer app.
The big and really commendable advantage of HomeKit is that Apple requires devices to also work locally, without detours via an external server. This would allow you to add the devices directly to the Home app and not have to bother with the manufacturer app.
In practice, however, this will never be possible. First, firmware updates (which, if available, are usually really important) can only be installed via the manufacturer app. Second, many useful functions of HomeKit devices cannot be set at all via the Home app or do not work there. With the Aqara G2H, for example, you can rotate the image if you want to mount it upside down on the ceiling. You won't get very far with just Apple's Home app.
Privacy is not 100% guaranteed.
HomeKit has a reputation for taking good care of your privacy. But that's only half true. Everything that your Home app controls should be in good hands with Apple. However, a device with the HomeKit logo does not necessarily communicate only with Apple. As already mentioned, the logo only means that it is also compatible with Apple's HomeKit system. What it does beyond that is often unclear.
And so many HomeKit devices still send collected data about their use to the manufacturer. This means that the communication between Apple and the device is secure and private, but the device chats merrily with the manufacturer on a second channel. This is often easy to spot: if you don't have a HomeKit hub like a HomePod mini at home and the device can still be reached when you're on the go, then the functions run via the manufacturer's server. Practical, but user information is also transmitted.
And this data is very important for the manufacturers. Remember, Apple doesn't even make this hardware because they don't think it's worth it. The usage data is valuable, and despite the HomeKit certification it can be collected on the side.
Manual rework is necessary for the best result.
Now you could argue: I will simply forbid the HomeKit devices from accessing the internet! They might even be placed in a separate network (which we highly recommend). And that's a good idea too. Even Apple is aware of this, which is why there are HomeKit-compatible routers. These stand out with one feature: you can simply specify for each HomeKit device whether it is allowed to access the internet or not (with normal routers you can simply do this via the firewall). So Apple knows full well that all HomeKit devices also call home and therefore came up with the HomeKit routers.
However, there are not many of them, and they usually have fewer functions than a FritzBox, so they can only be used for really private environments. In addition, they do not completely prevent the HomeKit devices from phoning home. Because if you do an update via the manufacturer's app, the device doesn't have internet access, but your phone does. And then the app simply sends the collected device data to the manufacturer. So you see, completely anonymous and data-free use is not possible with smart home devices using Apple's HomeKit standard and is probably not even intended by the manufacturers.
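One way to check that the isolation described above actually holds for the devices' own traffic is to audit the router's flow log for connections that leave the home network. The Python below is an added example, not from the original article. The log format, device names and addresses are constructed, and the outside destinations use documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Destinations that stay inside the home network: RFC 1918, link-local,
# multicast (including mDNS), broadcast, IPv6 ULA / link-local / multicast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "224.0.0.0/4", "255.255.255.255/32", "fc00::/7", "fe80::/10", "ff00::/8",
)]
# Constructed flow-log format (an assumption; adapt to your router's log).
FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+proto=(\w+)\s+dport=(\d+)")

def is_local(addr):
    return any(addr.version == net.version and addr in net for net in LOCAL_NETS)

def audit_egress(log_text, devices):
    """Return {device name: sorted [(dst, proto, port)]} for flows leaving the LAN."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        src, dst, proto, port = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address field, skip the record
        name = devices.get(str(src_ip))  # only inventoried smart home devices
        if name and not is_local(dst_ip):
            findings[name].add((str(dst_ip), proto, int(port)))
    return {name: sorted(flows) for name, flows in findings.items()}

# Constructed inventory of devices that should have no internet access.
DEVICES = {"192.168.50.21": "camera", "fd00:50::22": "plug"}
# Constructed sample log: local traffic, multicast, egress, noise.
SAMPLE_LOG = """\
src=192.168.50.21 dst=192.168.50.2 proto=tcp dport=51827
src=192.168.50.21 dst=224.0.0.251 proto=udp dport=5353
src=192.168.50.21 dst=203.0.113.10 proto=tcp dport=443
src=192.168.50.21 dst=203.0.113.10 proto=tcp dport=443
src=192.168.50.21 dst=not-an-ip proto=tcp dport=443
src=fd00:50::22 dst=ff02::fb proto=udp dport=5353
src=fd00:50::22 dst=2001:db8::10 proto=tcp dport=8883
src=192.168.1.5 dst=198.51.100.7 proto=tcp dport=443
"""
for device, flows in audit_egress(SAMPLE_LOG, DEVICES).items():
    print(device, "reached outside destinations:", flows)
```

An empty result only covers what the devices send themselves; it does not see data that the manufacturer app relays from your phone.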
The bottom line is that the HomeKit standard is still the best of all available smart home offerings. But it is not perfect either. You have to keep in mind that the HomeKit logo only indicates compatibility. Unfortunately, you are still responsible for everything else.