I had assumed they used BLE to bridge MQTT via the phone while their App was connected.
Ah! That explains it. I was going to be really skeptical that other people's wifi endpoints would "help out" foreign devices, but this makes more sense.
It seems the article does not concern itself with what the device tells Amazon about you, but rather whether it ensures only Amazon will be able to eavesdrop on you and that they do so reliably. What a "refreshing" perspective.
I’m being downvoted, but the parent comment asked “why would you buy it” and I gave reasons.
I guess people who buy an iPhone do it to communicate with Apple, since people buy apps and Music subscriptions?
[... through an amazon-provided service]
It doesn't have to be Amazon, but it has to be someone... and it makes sense the Amazon device communicates with Amazon services
Isn't that just swell!
I mean - look at just how smart these guys are, don't you want to be just like them!?
If the network behavior showed it was sending data it’s not supposed to do, that would be noteworthy.
So this paper is helpful in this regard (in addition to other material).
This paper seems to answer “can entities other than Amazon get data from me via network exploits?” and “are drop-in calls transmitted in the clear or using end-to-end encryption?”
You might not be interested in those answers if you’ve already concluded you’ll never own one, but that doesn’t make them uninteresting to everyone else.