German organization Security Research Labs has demonstrated both that malicious apps can be created for Alexa and Google Home, and that they can pass security vetting. The company successfully created eight such apps that they called “Smart Spies.” Each was designed to eavesdrop or phish, and each was then approved by Amazon and Google.
“It was always clear that those voice assistants have privacy implications—with Google and Amazon receiving your speech, and this possibly being triggered on accident sometimes,” Fabian Braunlein, senior security consultant at SRLabs, told Ars Technica.
