An illustrated robotic vacuum on a floor made up of digitized data

Robotic vacuums are smart little suckers. Most use mechanical sensors, optical sensors, and advanced software to get the job done. And most connect to the internet, which puts them in the same category as video doorbells and webcams, which collect personal and environmental data to serve the user better.

As part of Consumer Reports' Digital Lab initiative, we evaluate devices that collect data about consumers, and we recently tested robotic vacuums. We found that on the whole, their potential vulnerabilities aren't as worrisome as those for video doorbells, but that manufacturers could still adopt more robust security measures. After all, in some cases we're talking about a bot with a camera connected to the internet scooting around your house.

More on Robotic Vacuums

“These companies need to make sure the cameras in robotic vacs have reasonable security protections to ensure that attackers can't access them,” says Justin Brookman, CR’s director of consumer privacy and technology policy.

A few robotics don’t have WiFi connectivity, so there are no privacy or security concerns there. (But you also won’t get fancy mapping tech or cleaning reports.) Of the robotics with WiFi connectivity that we tested, none were downright terrible at ensuring your privacy and security. But none were great, either.

How We Test for Data Security and Privacy

For data security, we assess whether a robotic vacuum incorporates security measures such as encryption. We also look for, among other features, two-factor authentication, automatic software updates, and email notifications when a user logs in from a new device or IP address.

For data privacy, we examine privacy setting options and publicly available documents, such as privacy policies and terms of service, to see how manufacturers collect and use your data, including whether they disclose how they collect it and whom they share it with. Our experts use The Digital Standard, an open-source set of criteria that CR created with other organizations, for evaluating digital products and services. We score robotic vacuums on more than 70 indicators.

Below is a closer look at our findings, as well as the details on robotic vacuums from our tests that score well for keeping your data secure and private, and how they vacuum. CR members can see the results of all the robotic vacuums we test in our robotic vacuum ratings.

Robotic Vacs’ Data Security Results

The good news is that all of the manufacturers encrypt users’ sensitive information, such as usage data and user credentials. Our labs didn't see any sensitive information being sent unencrypted during testing, and no serious security flaws or vulnerabilities were found. Other key findings:

  • Of the companies we test, only iRobot earns an Excellent rating in data security. In addition to using encryption, the company issues regular updates to patch security vulnerabilities. Its internal policies limit and monitor employee access to user information, and invite outside security researchers to monitor its products for vulnerabilities. “We supplement internal expertise with extensive engagement with the security research community to provide the broadest view possible to identify, react to, isolate and resolve potential security issues,” says Mike Gillen, director of product and data security at iRobot.
  • Samsung, Ecovacs, and Shark earn a Very Good rating for data security. However, these companies don't disclose enough information about how they limit and monitor employee access to user information. Ecovacs and Shark don't have a program for security researchers to report bugs or vulnerabilities.
  • In terms of password security, iRobot, Ecovacs, Samsung, and Shark all meet at least two of the following criteria from The Digital Standard: passwords must be at least 8 characters (up to 20), reasonably complex, and may contain special characters.

Robotic Vacs’ Data Privacy Results

The bad news is that none of the robotic vacuum companies in our tests earns high marks for data privacy. The information they provide is vague at best when it comes to explaining what data is collected and how it’s collected.

  • Eufy earns a Fair rating in this department and is the worst of the companies we test. In our data privacy review process, where we assess how much publicly available information a company offers on its privacy protection measures, Eufy had the least amount of information available. Here's what they had to say about the issues we raised: “Right now, the data the robot collects enables it to effectively clean the home and provides customers with information about cleaning performance. Eufy will endeavor to take our privacy and security measures to the next level,” said Vicky Guo, a spokesperson for Eufy. “We will never violate our customers’ trust by selling or misusing customer-related data, including data collected by our connected products.” 

  • Ecovacs, iRobot, LG, Neato, Samsung, and Shark provide more details about their privacy policies than Eufy, and also allow consumers to request the information that’s collected about them. However, none of these better-ranked companies allow consumers to obtain all of their private and public data, and few do a good job of updating consumers about changes to their privacy policies. Each earns a Good rating for data privacy.

Most Secure and Private Robotic Vacuums

These five robotic vacuum models rank high in our security and privacy tests, and are great at vacuuming, too. The two Eufy models aren't connected to WiFi, so they can’t collect and share data about you. As such, you won't see data privacy and security scores for them below.

Top Picks

1

Data privacy
Data security
Ease of use

2

Bare floors
Navigation
Ease of use
Unlock Vacuum Cleaner Ratings
Become a Member or Sign in