Warning: Alexa’s “drop-in” permissions extend to all members of an Amazon Household

Now that Amazon plans to add the drop-in feature to all Echos and Echo Dots, it’s important to understand exactly how the feature works to properly control your privacy. Thankfully, the feature is disabled by default, so if you ignore it altogether, you’ve got nothing to worry about. However, if you decide to enable drop-in, you might be giving more people than you think access to your Echo device’s microphone, or in the case of the Echo Show, the device’s camera. The main concern is that giving a contact drop-in privileges might also give people you don’t even know access to your devices, if that contact is part of an Amazon Household.

“If you grant Drop In permission to yourself, anyone in your household also receives Drop In permission; and if you grant Drop In permission to a contact, anyone in that contact’s household also receives Drop In permission. Users with Drop In permission may see an indicator to let them know if your device has been recently active.” ~Alexa Terms of Use

The drop-in feature of Amazon’s Alexa calling capabilities is closely linked with Amazon’s concept of an Amazon Household. If you plan to use drop-in on your own Echo devices, so that they can be used as an intercom, everyone that is part of your Amazon Household will also have drop-in permission. For the average person who’s Amazon Household consists of their spouse and kids, that’s probably not an issue. However, if you’ve added other family members or friends to your Amazon Household, in order to share Prime benefits, for example, know that those people will be able to listen in on your Echos and Echo Dots at will, and activate the camera on your Echo Show.

Where it becomes a real privacy concern is if you grant people outside of your own Amazon Household drop-in permissions. That is because when you enable drop-in for a contact, you are also enabling drop-in for everyone that is a member of that contact’s Amazon Household. This has the potential to be a huge privacy hole because you have no way to know who is a member of that contact’s Amazon Household. The contact who you’ve given drop-in permission can essentially grant anyone they want permission to drop-in on your Echo devices by adding people to their own Amazon Household.

Imagine a scenario where you grant your mother drop-in privileges because she wants to be able to easily see/talk with her grandkids. If your mother, unbeknownst to you, has added weird Uncle Joe to her Amazon Household because Uncle Joe wants to watch free Prime Video and is too cheap to pay for his own Prime membership, then Uncle Joe can now drop-in on your Echo devices, even though you never explicitly gave Uncle Joe drop-in permission.

Drop-in permissions extending to all members of an Amazon Household is especially a concern because the feature can be accessed through the Alexa app, so the person dropping-in doesn’t even need to own an Echo device. Unless Amazon changes this policy, it’s crucial that you know a contact’s Amazon Household members before granting them drop-in permission. The only way to know that is to ask the contact, but even then, the contact can change their Amazon Household members at will.

In a perfect world, the only people who are part of an Amazon Household are the ones living under the same roof. However, we’re not in a perfeft world, which is why Amazon continues to limit how Prime benefits can be shared. Since people try to game the system in order to share Prime membership benefits, there are all kinds of people linked together in Amazon’s ecosystem that you wouldn’t consider equals when it comes to privacy matters, even though Amazon does.

One saving grace for this potential privacy nightmare is that you can disable the drop-in feature on a per device basis. You can also choose to limit the feature to only members of your own Amazon Household, again, on a per device basis. So if you’re granting someone outside of your household drop-in permission, you might want to set all but certain Echo devices to only allow drop-in from your household. By default, all Echo devices are set to allow drop-ins from everyone you’ve given drop-in permission. But remember, this is only necessary if you plan to use drop-in at all, which is disabled by default.

Given the slightly creepy nature of the drop-in feature, it’s very surprising that Amazon is treating all members of an Amazon Household as one entity when it comes to the feature. The Alexa app makes it seem like you’re enabling drop-in on a per-person basis, when in fact, you’re enabling it on a per-household basis. Amazon needs to do a better job of surfacing that fact within the app. They can’t exactly list all the members of an Amazon Household in the app, since that would reveal private information about someone else’s Amazon account, but they should at least list something like “+2 other people” next to a contact’s name who is part of an Amazon Household, when granting drop-in permission.

ShareTweetShare+1

2 comments
  1. Al says:

    Really good info, thanks for taking the time to put it together and send it out!!

  2. steven Hudson says:

    So does that mean that other family members i.e. Wife and Kids will also
    Be able to send voice commands or ask Alex to play music or turn on lights etc

    As at the moment only I can control my Echo/dot etc

Leave a Reply

Your email address will not be published. Required fields are marked *

*




Get notified of new posts

Enter your email address to receive notifications of new posts by email.