What You Need to Know About Houseparty’s Privacy and Security
Houseparty, like Zoom, is a video chat app that has surged in popularity as social distancing has taken effect across the globe. But if there’s anything we’ve learned from Zoom’s surge, it’s that popular apps aren’t always secure or compliant with expectations around privacy and data sharing.
What Is Houseparty?
Houseparty is a face-to-face social networking app—allowing up to eight people to video chat in their own call or “room”. The app is available on Android, iOS, macOS, and as a Chrome browser extension. You can also access the app via your browser at app.houseparty.com.
Within these rooms or chats, you can play games with friends or just hang out. You can join the chats of any friends who are online on the app, with the focus being on connecting and being able to drop in whenever friends are online.
Who Owns Houseparty?
Epic Games owns Houseparty as a result of the company acquiring the app’s developers Life on Air. Epic Games is a US games and software developer/publisher, known mostly for its development of Unreal Tournament, Fortnite, and the Unreal game development engine.
The company’s founder, Tim Sweeney, owns the majority of shares in Epic Games. Tencent Holdings, a Chinese company and the largest video games company in the world, owns a 40% stake.
What Data Does Houseparty Collect?
According to the app, it collects the following information:
- Account information including names, email addresses, birthdays, usernames and passwords
- Profile pictures and phone numbers (if provided)
- Information on friends and imported contacts
- Usage information, including time spent in chats with friends, and purchases
- Information on third-party accounts linked to the app, such as social media accounts
- If you grant address book access, the app collects information on friends’ phone numbers and addresses
- Location information, such as ZIP code, IP address, and state/region
- Feedback information from surveys, contests, promotions, suggestions, and reviews
- Device information such as your browser, hardware model, operating system, and mobile carrier
- Certain browsing information, such as the site you visited before visiting Houseparty and the site you visit after leaving Houseparty
The company also specifies where it gets this information from, including directly from you, using browser cookies and web beacons, and via the app’s usage tracking features. Houseparty is also able to get information from third-party apps and social media platforms, depending on how you join the app and whether you link accounts.
The company can also collect and collate data across different devices. This means if you use Houseparty on both your phone and computer, the app gets information from both devices and combines it.
Houseparty, with its default settings, is not exactly an app you’d use for private conversations and calls. Friends of friends can join your conversations, so while you won’t get random strangers dropping in, people you don’t personally know may join your chat.
The app also informs your connections whenever you’re online and allows them to jump right into a video call. It is possible to “sneak” into the app, which is essentially an incognito mode that doesn’t inform your contacts of your arrival.
This is done by holding down the icon for the app and selecting Sneak into House. This mode lets you use Houseparty without alerting your contacts.
You can also lock a conversation if you don’t want friends of friends to join. However, any participant in the chat can unlock the group session to let others in. Enabling private mode in the app also locks your chats by default, but participants are able to unlock these chats too.
When it comes to data sharing, there are a few important things to note regarding who Houseparty shares your data with.
When using the app, you should note regarding its data sharing:
- Houseparty shares your public profile with your connections, as well as their connections
- Other users can view your name, username, and the connections you interact with the most
- Your information may be shared with third-party vendors, including Houseparty’s social media and advertising partners
- Houseparty will share data with government and law enforcement agencies if they have a court order or subpoena
- Your information may be shared with businesses who merge with or acquire Houseparty or part of Houseparty’s business
You are able to opt out of some marketing and tracking on the app.
What Permissions Does Houseparty Request?
The mobile version of Houseparty requests access to your camera, contacts, microphone, and storage. These Android app permissions relate to the app’s functionality, since it needs access to this hardware to initiate video calls.
Under “other” permissions, the app requests permission to:
- Download files without notification
- Run foreground service and run at startup
- Control phone vibration
- View network and Wi-Fi connections, with full network access
- Prevent phone from sleeping
- Receive data from the internet
- App store billing service and installer API
- Send sticky broadcasts
- Change your audio settings and pairing with Bluetooth devices
Certain permissions can be denied. For example, if you deny the app access to your contacts, you won’t be able to automatically find friends who use the app. Rather, you will need to ask for their usernames and add them manually.
However, on the browser extension for Chrome, Houseparty requests additional information that relates to tracking rather than functionality.
In addition to the normal data permissions for app.houseparty.com, the extension also requests the ability to read your browsing history and communicate with cooperating websites.
Was Houseparty Hacked?
Some users went as far as claiming that hackers had even accessed their banking accounts.
Houseparty issued a statement regarding the claims, saying that an investigation found no breaches or data leaks.
“Immediately upon hearing these false reports, we assembled an internal team who worked alongside external experts to investigate. We determined these claims were not true,” the statement said.
The company suspects that the rumors formed part of a coordinated commercial smear campaign, offering a $1 million bounty for anyone who can find evidence.
We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to firstname.lastname@example.org.
— Houseparty (@houseparty) March 31, 2020
According to a BBC report, one of the users who was hacked said that they use the same username and password across multiple accounts. This makes them a high-risk target whose information could have been accessed via a leak on any of the services where they use those credentials.
So far, no evidence points to a Houseparty hack. Rather, it seems that users recycling login details on multiple accounts may be the culprit. These users then blamed Houseparty since they installed it recently.
However, if you re-use login details across accounts, even years-old breaches can put you at risk for new account hacks.
Enjoy Video Chat Apps Safely
While Houseparty does collect information for marketing purposes, there’s no evidence that data from the service reached hackers.
Furthermore, at the time of writing, no egregious flaws in security have been found. This is in contrast with Zoom, which has attracted a significant amount of negative coverage due to its security and privacy issues.
If you’re looking for more options for video chat apps, check out our list of the best free apps for group video chats.
Read the full article: What You Need to Know About Houseparty’s Privacy and Security