Looks like that "cheap and nice smartphone addon" might have a severe issue packed in.
"Hey #honey .. I compromised our #local #network so we could live more comfy. Hope you are chill with that 🥰"
All devices you can buy that depend on •SmartLife •Brilliant •Tuya
Will most likely require auth'ing into the device with your router credencials AND will also have the inteusive app itself act as data syphon (try disabling network features, they will refuse to work without phoning home / a server connection)
Even the hardware itself is primed to this. And attempting to dissolve the shackles https://github.com/tuya-cloudcutter/cloudcutter-android requires a tuya developer account, linux and flashing a FW. Very userunfriendly.
Very concerning indeed
Sources https://www.voanews.com/a/east-asia-pacific_voa-news-china_cybersecurity-experts-worried-chinese-firms-control-smart-devices/6209815.html https://www.reddit.com/r/homeautomation/comments/hh4tfc/privacy_tuyasmart_app_and_possibly_other_tuya/ https://pb.todon.de/@alcea/112354936990559485