Day 6
sMarthome permissions
DAY 6: Smarthome Permissions
So, you’ve cleaned up your network, split your Wi-Fi, and locked down your IoT devices. Nice job!
But today, we’re going to tackle one of the sneakiest parts of smart home security - permissions**.**
Because your devices might be behaving just fine… while quietly collecting way more data than you realize.
What’s up S’mores! I’m Shannon Morse and welcome to Day 6 of my 30-Day Security Challenge, where we’re protecting your digital life one bite-sized step at a time. Every day, we’re breaking down one concept of online security and privacy to make the process less stressful, and to keep you from burning out.
If you’re following along, make sure to subscribe so you don’t miss the next video. You can grab the full 30-Day Challenge checklist and notes over at ShannonRMorse.com.
STEP 1: WHAT ARE PERMISSIONS?
Smart homes are supposed to make our lives easier but in the process, they collect a lot of data.
Every command you give, every schedule you set, and every device you link together builds a behavioral profile about you.
Manufacturers use that data to “improve user experience,” but sometimes it’s sold to advertisers - or stored insecurely.
And when third-party apps or integrations get involved, those permissions can stack up fast.
So today, we’re going to do a smart home permission audit - figuring out what your devices have access to, removing what’s unnecessary, and tightening up your digital privacy.
When we say “permissions,” we’re talking about the access you’ve granted to your smart devices and apps.
Things like:
Which apps can see your location
Which devices can access your microphone or camera
And what kind of data is being sent to “the cloud”
The problem? Smart devices are designed to share. They want to connect, sync, automate, and talk - not just to you, but to each other and their parent companies.
That’s not always bad, but every permission you enable is another tiny doorway into your home’s privacy.
STEP 2: AUDIT PERMISSIONS
Let’s start with the apps that control your smart home ecosystem.
Start by opening the main app that runs your ecosystem - whether that’s:
Amazon Alexa
Google Home / Nest
Apple Home / HomeKit
Samsung SmartThings
Matter / Thread controllers
In each app, look for these menus:
“Connected Devices,” “Linked Services,” “Skills,” or “Third-Party Integrations.”
You’ll probably see a long list of connected accounts - everything from Spotify to your robot vacuum.
If there’s something you don’t use regularly or don’t recognize, disable or unlink it.
Are there old smart plugs you don’t use anymore? Disable or remove them.
Are there third-party “skills” or automations you don’t remember enabling? Revoke them.
And check your linked accounts - Spotify, calendars, shopping lists, whatever. If you don’t need them, unlink them.
Pro Tip: If you’re using a smart home hub, log into its admin dashboard to see what permissions third-party devices or integrations have. If you haven’t used a “Skill” or app integration in over a month, revoke it. You can always re-enable it later if you miss it.
Remember: the fewer connections you have, the smaller your attack surface.
If you use voice assistants like Alexa, Google Assistant, or Siri, they’re recording - and those recordings often get stored in the cloud.
Here’s how to clean those up:
Amazon Alexa:
Open the Alexa app → Settings → Alexa Privacy → Manage Your Alexa Data
Delete voice recordings and turn off “Use voice recordings to improve Alexa”
Google Assistant:
Visit myactivity.google.com → Delete Activity by → Choose “Voice & Audio”
You can also disable “Audio recordings” in your Web & App Activity
Apple Siri:
Go to Settings → Siri & Search → Siri & Dictation History → Delete Siri History
You can also tell your voice assistants not to keep future recordings. It won’t affect performance - but it’ll massively improve your privacy.
STEP 3: APP PERMISSIONS
Your smartphone is basically the master key to your smart home.
Every smart home app on your phone has its own set of permissions - and some of them get way too nosy.
Your goal in this step is to check who has access to:
Microphone
Camera
Location
Bluetooth
Nearby devices
Here’s how to check them:
On Android:
Go to Settings → Privacy → Permission Manager
Select Camera, Microphone, Location, Files, Bluetooth, Nearby Devices
Review each app and toggle off anything it doesn’t need
On iPhone:
Go to Settings → Privacy & Security
Check Location Services, Microphone, Camera, Local Network Access
For each app, decide whether it really needs that permission to function
If an app for your light bulbs wants access to your contacts or microphone, that’s a red flag. 🚩
If your smart home app doesn’t need access 24/7, change it to “Ask every time” or “Only while using.”
That way, the app can’t just eavesdrop in the background when you’re not even home.
And for bonus points: delete apps for smart devices you no longer own
If you’re finding this video helpful, a subscribe would me a lot to me. Subscribing is a simple and free way to support creators on youtube!
So if you’re following along with the challenge, hit that subscribe button and turn on notifications so you don’t miss tomorrow’s video. You can grab the full checklist and daily recap at ShannonRMorse.com.
BIG Patreon shoutout to to my smores! You can join them and support my channel by going to patreon.com/shannonmorse for perks like early video access and my private discord!
As usual, all the videos on my channel are free to watch, and I thank my youtube members and patrons for making that possible.
STEP 4: DEVICE-LEVEL PERMISSIONS
A lot of smart devices back up data to the cloud automatically. That can include video footage, automation routines, or energy usage logs.
For example:
Smart Security Cameras store video footage in the cloud (sometimes unencrypted by default)
Smart Lights may back up lighting configurations
A thermostat stores temperature data and occupancy patterns
Whenever possible:
✅ Opt for local storage over cloud backups
✅ Turn on end-to-end encryption (you may need to Google how to do this for your specific manufacturer).
✅ Disable “Share with developers” or “Performance tracking”
If a company doesn’t offer encryption or privacy options, consider replacing that device down the line with one that does. Vote with your wallet.
Now let’s talk about the physical devices themselves.
Most smart home gadgets - like cameras, displays, speakers, and lights - have their own privacy settings buried inside their companion apps.
For example:
Smart cameras: disable microphone recording or cloud backup if you don’t need it.
Smart speakers: review your voice history. Delete old recordings. Turn off “personalized responses” or “voice training” if you don’t use them.
Smart TVs: opt out of “viewing data” or “ad tracking” (yes, most of them do that).
Each brand hides these options in different places, but they’re usually under Privacy, Permissions, or Advanced Settings.
STEP 5: PERMISSIONS ROUTINE
Permissions aren’t a “set it once and forget it” kind of thing. Smart homes evolve - and so does their access creep. Every time you add a new device or update an app, it might ask for new access - and sometimes, it quietly re-enables permissions you’ve already turned off.
So here’s your habit for the week:
Once a month (or every few months), do a quick permission audit.
Open your main smart home app.
Check for new connected devices or third-party skills.
Review app permissions on your phone.
Remove anything you aren’t actively using.
Double check privacy settings after major app updates
STEP 6: BONUS: SMARTHOME SEGMENTATION
If you want to take your setup to the next level:
Create separate user profiles for family members.
Give limited permissions to guests or roommates.
Use your guest Wi-Fi network for voice assistants or smart displays.
Disable cloud access for devices that don’t need it, like smart bulbs or thermostats that work locally.
The idea is to give every device just enough access to do its job - and nothing more.
Since 2023, Matter has become the unified smart home standard across Apple, Google, Amazon, and Samsung - which is awesome for compatibility, but also means your data can move between platforms more easily.
Review Matter controller permissions to make sure devices don’t share data across ecosystems unnecessarily.
Disable AI learning features that “personalize” recommendations based on your routines.
And if you use AI-powered assistants, check for “training data” toggles in their settings - opt out whenever you can.
Today you learned how to review app permissions, manage data sharing, and keep your smart home working for you - not the other way around.
Tomorrow for Day 7, we’re switching gears to talk about cloud backups - how to store your data safely online without giving away your privacy.
If you’re following along, make sure you’re subscribed so you don’t miss it and grab your full 30-Day Security Challenge checklist at ShannonRMorse.com.
I’m Shannon Morse - stay smart, stay secure, and I’ll see ya tomorrow for Day 7!
Useful Resources