SoK: Synthesizing Smart Home Privacy Protection Mechanisms Across Academic Proposals and Commercial Documentations
Shuning Zhang, Yijing Liu, Yuyu Liu, Ying Ma, Shixuan Li, Xin Yi, Qian Wu, Hewu Li
TL;DR
The paper investigates the privacy protection mechanisms (PPMs) for smart home devices by comparing academic proposals with manufacturers’ public disclosures. It uses a two-phase study: a systematic literature review of $117$ papers and an empirical analysis of $86$ commercial SHDs to map three PPM categories (content-based, system-based, algorithm-based) and assess deployment realities. The findings show a gap between academia and industry: researchers favor technical, often non-deployed PPMs, while public disclosures focus on post-hoc data management and practical controls, with limited evidence of preventive, architecture-level protections. The work highlights a misalignment in threat modeling, data lifecycle considerations, and regulatory alignment, and argues for deployable frameworks, real-world validation, interoperability, and standardized architectural transparency to advance practical SHD privacy protections. These insights aim to guide researchers, industry, and policymakers toward actionable, verifiable privacy protections that can be adopted in real-world smart homes.
Abstract
Pervasive data collection by Smart Home Devices (SHDs) demands robust Privacy Protection Mechanisms (PPMs). The effectiveness of many PPMs, particularly user-facing controls, depends on user awareness and adoption, which are shaped by manufacturers' public documentations. However, the landscape of academic proposals and commercial disclosures remains underexplored. To address this gap, we investigate: (1) What PPMs have academics proposed, and how are these PPMs evaluated? (2) What PPMs do manufacturers document and what factors affect these documentation? To address these questions, we conduct a two-phase study, synthesizing a systematic review of 117 academic papers with an empirical analysis of 86 SHDs' publicly disclosed documentations. Our review of academic literature reveals a strong focus on novel system- and algorithm-based PPMs. However, these proposals neglect deployment barriers (e.g., cost, interoperability), and lack real-world field validation and legal analysis. Concurrently, our analysis of commercial SHDs finds that advanced academic proposals are absent from public discourse. Industry postures are fundamentally reactive, prioritizing compliance via post-hoc data management (e.g., deletion options), rather than the preventative controls favored by academia. The documented protections correspondingly converge on a small set of practical mechanisms, such as physical buttons and localized processing. By synthesizing these findings, we advocate for research to analyze challenges, provide deployable frameworks, real-world field validation, and interoperability solutions to advance practical PPMs.