Security researchers have recently discovered a vulnerability that allowed third-party apps to eavesdrop on households with certain smart speakers, including Google Home and Google Nest devices. The apps were installed on Google Home ($99 at Walmart) speakers and displays as Google Assistant Actions, some of which allow you to hail a rideshare, order pizza or play music from Pandora, Spotify or YouTube Music.
Unlike on Amazon Echo devices with Alexa, which require you to enable third-party skills before you can use them, most Google Assistant Actions are baked into the software, needing only a voice command to activate. That puts most of the responsibility for protecting users’ privacy on Google, which has already removed the offending apps. That said, there are still a few things you can do to shore up privacy and security on your own Google account.
Here’s what you can do if you’re concerned about your Google Home devices being hijacked to spy on you.
First, take a look at what Actions you’ve enabled
Although most Google Assistant Actions require no setup on your part, some do, especially when you connect smart home devices such as lights and door locks to Google Home. To see a list of all the Actions you’ve manually enabled:
1. Open the Google Assistant app on your mobile device. (If you don’t have the Assistant app, head to the iOS App Store or Google Play and download it.)
2. Tap the explore icon (the little compass needle in a circle) in the bottom left corner.
3. Scroll all the way to the bottom and tap Your Actions.
4. Tap Linked.
From here you can see all the actions you’ve specifically authorized, most likely music services (like Pandora or Spotify) or smart home devices (like Nest or Wemo). If you see any you don’t recognize or no longer need (for example, if you switched music services) here’s how to delete them:
1. Tap the more information icon (three horizontal lines) to the right of the linked service you want to delete.
2. Scroll down to Account status.
3. Tap Unlink.
4. When the app prompts you for confirmation, tap Unlink.
Next, look up everything Google Assistant has on you
First, you’ll want to navigate to the Settings page that details all the information Google has been keeping on you.
1. Open your Google Home app.
2. Tap your personal icon (the little silhouette in a circle) in the lower right corner.
3. Under the Google Assistant heading, tap More settings.
4. Select You from the menu bar at the top.
5. Tap Your data in the Assistant.
Here you can scroll as far back as your record goes through every piece of information Google Assistant has been keeping about you. You can delete items one at a time by tapping the trash can icon beside each item, or you can follow the next set of steps to delete all of it.
Delete some or all of your private data
Google Assistant saves audio recordings of every voice command Google Home has ever heard (including false triggers), which helps the software to understand your voice and execute future commands better, but isn’t critical to the device’s operation. To delete that and all other data, starting from the Your data in the Assistant screen:
1. On the Your data in the Assistant page, under Your Assistant activity tap My Activity.
2. To the right of the search bar at the top of the page, tap the icon of three stacked dots.
3. Tap Delete activity by.
4. If you want to start over with a clean slate, tap All time. Otherwise, you can choose to delete all data collected in the Last hour, Last day or create a Custom range, say, from the day you started using Google Home until last month.
5. The app will ask you to confirm that you would like to delete your Google Assistant Activity for the specified period. Tap Delete to confirm.
6. The app will indicate, “Deletion complete.” In the lower right corner, tap Got it to return to the main Google Assistant Activity page.
Choose how often your data will be deleted
If you don’t mind letting Google Assistant remember your recent interactions with it, you can set the data to be deleted automatically after either three or 18 months. From the main Google Assistant Activity page:
1. Scroll down to Keeping activity until you delete it manually and tap Choose to delete automatically.
2. Change the setting to either 18 months or three months and tap Next.
3. When app asks you to confirm the change, scroll to the bottom of the page and tap Confirm.
4. Tap Got it to return to the main Google Assistant Activity page.
For the most extreme privacy option, pause all activity
Instead of regular purges, you can set Google Assistant to no longer keep logs of your data at all, but that may cause some hiccups with how well Google Assistant functions. If your privacy is of the utmost importance to you and you’re willing to deal with a few glitches from time to time, from the main Google Assistant Activity page:
1. Scroll down to Web & App Activity is on and tap Change setting.
3. Turn off the toggle beside Web & App Activity.
4. A screen will pop up, warning you that “pausing Web & App Activity may limit or disable more personalized experiences across Google services.” At the bottom of that screen, press Pause to stop Google from logging your activity. Note that changing this setting does not delete any of your personal data from Google, it only stops Google Assistant from recording more data going forward.
After you press Pause, you’ll be returned to the main Google Assistant Activity page.
That’s it — now you don’t have to declare open season on your private life or your personal data in order to enjoy your Google Home smart speaker or hub. This may be especially important if you’re concerned about Google restarting the human-powered quality assurance program it suspended in August in which reviewers listened to recordings collected from many of the over 3.2 million Google Home devices in the wild.
Not to mention, smart speakers are just the beginning: nowadays, and .
Originally published earlier this month.