Amazon promised that the intimate photos you took in your underwear for body fat scanning would be deleted from their servers automatically. But the FTC caught Amazon keeping kids' voice recordings forever despite similar deletion promises with Alexa. There's no proof the body scan photos were actually deleted as claimed. Amazon said your voice recordings for mood analysis never leave your phone. But the app has permission to record audio AND send data to the internet in the background, plus it contains advertising trackers. There's nothing technically stopping the app from sending your voice data to Amazon's servers despite their promise.
What they claim: Amazon stated that Halo Tone voice samples are 'processed on-phone only' — encrypted via Bluetooth from band to phone, processed locally, then automatically deleted. Audio clips are 'not sent to the cloud'.
What we found: The Amazon Halo app requests both RECORD_AUDIO and INTERNET permissions simultaneously, plus FOREGROUND_SERVICE_DATA_SYNC for background data uploading. The app includes Amazon Analytics and Amazon Advertisement trackers. While RECORD_AUDIO is needed for the Tone feature, combining it with unrestricted INTERNET access, background sync services, and advertising trackers creates a technical capability to transmit audio data to Amazon's cloud, contradicting on-device-only processing claims.
What they claim: Amazon marketed the Halo Band as a health and wellness device priced at $69.99 (below manufacturing cost) with a $3.99/month subscription, positioning it as an affordable health tool.
What we found: Hardware teardown reveals sophisticated sensor array: MAX86141 optical heart-rate sensor, 2x AS6200 temperature sensors, ICM-20600 6-axis IMU, 2x MEMS microphones, 256Mbit Micron flash, custom SiP module — component costs alone likely exceed retail price. Senator Klobuchar's letter to HHS specifically cited below-cost pricing as evidence that the data was the product. Amazon collected 3D body scans in underwear, continuous voice emotional analysis, heart rate, skin temperature, and sleep patterns through a device sold at a loss.
What they claim: When discontinuing Halo, Amazon stated 'remaining Halo health data will be deleted after August 1, 2023' and gave users a window to download their data.
What we found: Amazon discontinued Halo with ~3 months notice (announced April 26, ceased August 1, 2023). All devices bricked. No independent audit verified data deletion. Amazon's simultaneous FTC settlements for retaining Alexa recordings ($25M) and Ring surveillance data ($5.8M) demonstrate a pattern where claimed data deletion was not performed. Users who didn't download before the deadline lost all access with no verification Amazon actually deleted backend copies.
What they claim: Amazon stated that body scan images are processed and 'automatically deleted from the cloud after processing,' with photos stored only on the user's device.
What we found: The Halo app requests CAMERA, READ_MEDIA_IMAGES, and READ_EXTERNAL_STORAGE permissions combined with INTERNET and FOREGROUND_SERVICE_DATA_SYNC. This gives the app persistent capability to access the camera, read stored images, and upload data in the background — a technical surface far exceeding the stated 'scan and delete' workflow.
What they claim: Amazon marketed Halo as giving users control over their health data, with a physical mute button on the band for the Tone microphone feature.
What we found: The app requests BODY_SENSORS_BACKGROUND permission, allowing continuous collection of heart rate, skin temperature, and motion data even when the app is not in use. Combined with RECEIVE_BOOT_COMPLETED (auto-start on reboot) and WAKE_LOCK (prevent sleep), the app maintains persistent background biometric access. The physical mute button only controls the microphone — there is no way to pause heart rate, temperature, or motion monitoring without removing the band.
What they claim: Amazon collected 3D body scans in underwear, continuous voice emotional analysis, heart rate, skin temperature, and sleep data through the Halo Band.
What we found: The FTC's June 2023 biometric policy statement warns that collecting biometric data (voice prints, body measurements, health indicators) without adequate consent constitutes an unfair or deceptive practice under Section 5 of the FTC Act. The Halo app's permissions — RECORD_AUDIO, CAMERA, BODY_SENSORS, BODY_SENSORS_BACKGROUND, ACCESS_BACKGROUND_LOCATION, HIGH_SAMPLING_RATE_SENSORS, ACTIVITY_RECOGNITION — represent the most comprehensive biometric surveillance capability of any consumer fitness app. Amazon discontinued Halo weeks before this FTC policy was published.
What they claim: Amazon's Halo privacy policy explicitly stated: 'We do not use Amazon Halo health data for marketing, product recommendations, or advertising. We do not sell Amazon Halo health data.'
What we found: The Amazon Halo companion app contains Amazon Advertisement and Amazon Analytics trackers alongside Google Firebase Analytics. The AD_ID permission is requested, providing access to the Google Advertising ID for cross-app ad targeting. Mozilla's Privacy Not Included review found that 'Amazon combines data on its users with data from third parties, for advertisement purposes.' Advertising SDKs and ad tracking IDs in a health app directly contradict claims that health data isn't used for marketing.
What they claim: Amazon's Halo privacy policy treated health data as separate from other Amazon services, with distinct terms for Halo data usage.
What we found: The Halo app includes Amazon Advertisement and Amazon Analytics trackers — the same tracking infrastructure across all Amazon services (Alexa, Ring, Kindle, Shopping). The AD_ID permission creates a cross-service identifier. Amazon simultaneously operated Amazon Pharmacy, One Medical, Amazon Clinic, and Halo — all collecting health data under separate policies but linked by the same Amazon account and advertising identity. Mozilla confirmed Amazon 'combines data on its users with data from third parties.'
What they claim: Amazon's Halo privacy page stated body scan images are 'automatically deleted from the cloud after processing' and stored only on the user's phone.
What we found: FTC/DOJ found Amazon retained children's Alexa voice recordings indefinitely despite promises to delete them, resulting in a $25 million penalty (2023). This demonstrated a company-wide pattern of retaining data beyond stated deletion timelines. No independent audit verified Halo body scan deletion claims before the service was discontinued.
What they claim: The Amazon Halo Band is a BLE-only device (no Wi-Fi, no GPS, no cellular) that syncs exclusively via Bluetooth to the companion phone. Location is not a core device feature.
What we found: The Halo app requests ACCESS_BACKGROUND_LOCATION, ACCESS_FINE_LOCATION, and ACCESS_COARSE_LOCATION. A BLE-only wearable with no GPS has no legitimate need for background location tracking. While ACCESS_FINE_LOCATION is technically required on some Android versions for BLE scanning, ACCESS_BACKGROUND_LOCATION goes beyond this — it allows continuous GPS tracking even when the app is closed.