China has passed a new law, allowing the government to legally attempt a penetration hack on any Internet operation within the country: and to find and keep any data they can get during the attack.
Why should you care? Well, a number of big-name inexpensive Home automation devices use clouds or apps run by Chinese companies on Chinese servers. So any information that you give to those clouds or apps may end up in a database at the Chinese government. That includes passwords, payment information, email addresses, and even usage history.
Some examples would be Huawei, Xioami, SmartLife, Tuya, MiHome, Yeelight, and TP-Kasa. Also vendor sites like Alibaba.
If you are just buying an individual switch or sensor from a US or U.K. importer and connecting it directly to your smartthings hub, there shouldn’t be an issue.
But if you have to use the Chinese company’s app or cloud, it’s definitely something to be aware of. Or if you have to buy it from a company operating inside Chinese borders.
Many of us suspected that something like this has been happening all along, but the new law means that it’s legal for the Chinese government to do so even under international law.