Reolink Android app now contains three Chinese trackers

Reolink offers surveillance cameras for various tasks. The Reolink app for Android is available to access the camera. However, the latest app versions come with three Chinese trackers, which were quietly integrated in October 2024.



Reolink surveillance cameras

The company Reolink offers a whole range of surveillance cameras for the home and property sector and is also represented on the market in Germany (directly and via platforms such as Amazon or retailers).


Founded in 2009, Reolink claims to be an innovative market leader in the field of intelligent visual technology for the home. According to the company's website, its mission is to lead home security into the future with groundbreaking, reliable and customer-oriented solutions.

The company is Chinese-owned and based in Hong Kong, according to the website's legal notice. Outside of China, Reolink itself has a website, but also has distributors who sell its products.

The Reolink Android app

The company offers software and apps to access the security and surveillance cameras. There is a Reolink app for Android, which has been downloaded over a million times from the Google Play Store.




In the app description, the Reolink app is advertised as an easy-to-use "security camera system monitoring app". The app allows users to access cameras and recording devices (NVR) locally or remotely using mobile devices. Users can watch live streaming of the monitored objects anywhere and at any time. If I understand correctly, the app stores the video images from the cameras in the Reolink cloud.

The app comes with Chinese trackers

A blog reader pointed out a new discussion about the Reolink Android app to me in a private message on Facebook (thanks for that). For the past two days there has been a thread on reddit.com, "Reolink Android App now includes 3 chinese trackers", about the Reolink Android app, which now includes three Chinese trackers.

The thread starter wonders whether any of the app users have noticed that version 4.50.0.4 of the Reolink Android app, which has been rolled out since October 24, 2024, comes with three Chinese trackers. Reolink has quietly integrated these into its Android app.

Exodus: Reolink Android App

The thread creator refers to the analysis by Exodus, which found signatures from the following trackers in the code of the Android app.

Regarding WeChat Location, it is said that this service is affiliated with Tencent and the Chinese government.

The thread starter on reddit.com justifiably asks why the Reolink Android app has to use three Chinese location services if the security or surveillance camera is operated outside China.

But the story goes even further, because the app requests new permissions from Android that are quite something. These include permissions such as READ_PHONE_STATE (read phone status and identity), READ_PRIVILEGED_PHONE_STATE, and RECEIVE_BOOT_COMPLETED. DOWNLOAD_WITHOUT_NOTIFICATION, RECORD_AUDIO or ACCESS_FINE_LOCATION don't really sound harmless either.

The list of 38 (!) permissions can be viewed on the Exodus analysis page. The Exodus history shows that originally only Google Analytics was used as a tracker and fewer permissions were requested.
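An added example, not from the original post or from Exodus: one way to check permission growth between two app versions yourself is to diff the output of the Android SDK tool `aapt dump permissions <apk>` for the old and new APK. The two dumps below are constructed samples (not the real Reolink manifests), and the flagged set is simply the permissions named in this post.

```python
import re

# Permissions this post singles out (short names as written in the article).
FLAGGED = {
    "READ_PHONE_STATE", "READ_PRIVILEGED_PHONE_STATE", "RECEIVE_BOOT_COMPLETED",
    "DOWNLOAD_WITHOUT_NOTIFICATION", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
}

# Handles both aapt output styles, plus the -sdk-23 variant and trailing attributes:
#   uses-permission: name='android.permission.CAMERA' maxSdkVersion='28'
#   uses-permission: android.permission.CAMERA
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of requested permission names in an aapt permissions dump."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def diff_permissions(old_dump, new_dump):
    """Return (added, removed, flagged): flagged = newly added and named in the post."""
    old, new = parse_permissions(old_dump), parse_permissions(new_dump)
    added, removed = sorted(new - old), sorted(old - new)
    flagged = [p for p in added if p.rsplit(".", 1)[-1] in FLAGGED]
    return added, removed, flagged

# Constructed sample dumps for a hypothetical package, old vs. new version.
OLD_DUMP = """package: com.example.camera
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
"""
NEW_DUMP = """package: com.example.camera
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: android.permission.RECEIVE_BOOT_COMPLETED
uses-permission-sdk-23: name='android.permission.ACCESS_WIFI_STATE'
"""

if __name__ == "__main__":
    added, removed, flagged = diff_permissions(OLD_DUMP, NEW_DUMP)
    print("added:", added)
    print("removed:", removed)
    print("newly requested and named in the post:", flagged)
```

A permission that was already requested in the old version (RECORD_AUDIO in the sample) is not reported, so the output shows only what an update newly asks for.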

Why does the Reolink Android app need these permissions? Some permissions are probably related to app functions. For example, the app owner can communicate with doorbell cameras via smartphone and talk to the visitor in front of the door.

But in my opinion, the thread starter is right to ask whether the Reolink Android app not only tracks intruders at the monitored objects, but also tracks the app user. Does anyone in the readership use the Reolink cameras and the Reolink software? If so, how do you secure them in a corporate environment? Is there alternative software for capturing the video signals from the cameras and recording them locally?

