The Ring Doorbell 2 from Amazon is powered by an exchangeable battery, but also supports various bell transformers and an optional solar charger. Infrared night vision and adjustable motion alarms are among its features along with the 1080p live stream.
The enclosed manual explains step by step how to install the video doorbell. The app then guides you through setting up the camera and WiFi. After a subsequent firmware update, the camera is ready for use.
When registering a Ring account, the password must only be six characters long, there are no further requirements. This means that “123456” can also be selected as the password. We strongly recommend the implementation of state-of-the-art complexity guidelines. We also recommend users to activate the available 2-factor authentication.
Both the Ring Doorbell 2 and its app always communicate encrypted with the Amazon AWS Cloud. Video streams are also sent and received encrypted. Once the video doorbell has been set up or linked to the WiFi, the app and device no longer communicate locally but exclusively online.
The Ring App is written in Kotlin and is quite extensive. Version 3.14.3 has been analyzed statically and dynamically. No notable weaknesses could be revealed.
The app integrates several trackers so it communicates with some non-Amazon servers, but always encrypted as well.
Man-in-the-middle attacks are effectively prevented by the implementation of certificate pinning, even if attackers install the associated CA certificate on the owner’s smartphone.
The Amazon subsidiary Ring had already made some headlines in terms of privacy, including the accusation that employees had easy access to the customer’s cameras. This was denied by Ring, but nevertheless spread rapidly in the media. We were astonished why the owner could see the camera image, but did not activate the LED on the Ring Doorbell 2, so that passers-by could not see that someone was watching. Only when we activated the audio transmission the ring around the bell button lit up.
The Ring app currently has 10 built-in trackers, which was reflected by the fact that the app contacted some servers outside Amazon.
In addition to a comprehensive privacy statement, Ring also offers a short version in which the most important topics are answered in Q&A form. The complete version informs Amazon-typically very detailed about all privacy relevant aspects. In addition to the full name and address, Ring also records the current location of the smartphone. The use of video data for facial recognition is also already regulated, although such features are currently not available.
Ring replies to press releases to AV-TEST
There is also a Ring Neighbors program where neighbors can be alerted to suspicious activities, including video footage. Many police stations in the USA cooperated with Ring and offered local residents Ring devices at reduced rates if they activated Ring Neighbors.
Ring promptly answers to this information in our comparison test: “The Neighbors portal is an extension of the Neighbors app. It allows local police to share crime and security alerts, view public posts, and comment on them as a verified police officer. The police can also use the request tool to request ring video from users in a specific area under investigation. Through the Neighbors Portal, local police can only see publicly available content from the Neighbors app, unless a user explicitly and voluntarily decides to share his own records with the police. “
To allege in the US press allegations that Ring would abuse the police for the distribution of its hardware, a spokesman for the company said to AV-TEST: “Ring does not expect the local police authorities to promote our products. We provide them with materials and information about our products and services to ensure they are presented correctly to the public. But we do not ask for this information to be used. ”
Anyway, technically the Ring Doorbell 2 convinced us in our test in terms of security and pulled in many points. Our only point of criticism is about passwords, where we strongly recommend an extension of the complexity policy. A lot of data is recorded in terms of privacy, but the customer is very well informed by Ring.