In late November, security researcher and consultant Paul Moore discovered a handful of flaws in Eufy's connected security cameras. While the most attention-grabbing issue Moore raised is a vulnerability that hypothetically allowed live camera feeds to be accessed over a web browser without authentication, he also discovered that video thumbnails were being uploaded to and stored in the cloud, seemingly surreptitiously, even though he'd declined to use Eufy's cloud services. At the time, Eufy pledged to add language to its Security app making it clear that enabling certain notification functionality would necessitate some of your data making its way to the cloud. In an app update rolling out now, as spotted by ZDNet, the company's done just that.

eufy-security-update

According to the What's new section of the Eufy Security app's Play Store listing, the latest update — on Android, that's v4.5.1_1523 — adds a "statement that cloud service will be involved when users choose to push thumbnail messages." That's not super clear, but it means the app now discloses that choosing to include thumbnail images in your event notifications will result in those thumbnails being uploaded to the cloud and stored there temporarily, even if you're not otherwise using Eufy's cloud services.

The updated language is a good thing, even if it should have been present to begin with — but it doesn't address the other issues Moore called attention to. Eufy issued a statement last week saying those at the company "adamantly disagree with the accusations levied against the company concerning the security of our products" and that "If a credible vulnerability is identified, we take the necessary actions to correct it," without specifically addressing any of the red flags Moore's recently highlighted.

That said, Moore tweeted in late November that he'd been in contact with Eufy's legal department and was giving the company "time to investigate and take appropriate action." It's likely we'll get more specifics soon — if not from Eufy, then from Moore, who says he plans to provide further updates when possible.