Google says your doorbell video stays separate from advertising, and promotes on-device AI as a privacy feature. But all your video is still uploaded to Google's cloud, and your doorbell is linked to the same Google account as your search history, YouTube, and Gmail. Asking your doorbell questions through Google Assistant can feed into the ads you see. Google tells you that you can access, review, and delete your doorbell video at any time. But when the FBI needed footage in a criminal case, Google recovered video from its backend systems that the user could no longer see in the app. Your "deleted" video may still exist on Google's servers.
What they claim: The Nest Doorbell Wired 2nd Gen firmware uses TLS/SSL with AES-128 encryption and Verified Boot (secure boot) to protect data in transit and prevent unauthorized firmware modifications.
What we found: CVE-2024-44097 (CVSS 9.8 Critical) shows that the device did not properly validate TLS server certificates, so an attacker positioned between the doorbell and Google's servers (a hostile Wi-Fi network, a compromised router, or any upstream hop) could present their own certificate, terminate the connection, and read video streams and credentials in the clear. The AES cipher was never the problem: the device simply could not tell a Google server from an impostor, so the TLS that Google marketed as protecting data in transit offered confidentiality only against passive eavesdroppers. An active man-in-the-middle attacker could watch your doorbell video feed in real time. The vulnerability affected all Nest cameras and doorbells.
What they claim: The Nest Doorbell is marketed as a video doorbell with on-device ML for person, package, animal, and vehicle detection. Its primary function is video monitoring of your front door.
What we found: The Google Home companion app (com.google.android.apps.chromecast.app) requests 35 permissions, including CALL_PHONE (place phone calls), GET_ACCOUNTS (read the accounts on the device), CAMERA (use the phone's camera), RECORD_AUDIO (record from the phone's microphone), MANAGE_ACCOUNTS (manage device accounts), QUERY_ALL_PACKAGES (enumerate every installed app), ACCESS_FINE_LOCATION, and WRITE_EXTERNAL_STORAGE. Some of these have a plausible setup-time use, since the app pairs many device types and Android requires a location permission to scan for Wi-Fi networks, but taken together they far exceed what controlling a video doorbell needs. The runtime ("dangerous") permissions can be denied on Android 6 and later; QUERY_ALL_PACKAGES is granted at install time, cannot be revoked, and lets Google see every app on your phone.
What they claim: Google states it will "clearly explain what types of information these sensors send to Google" and commits to transparency about data collection.
What we found: Google was fined $391.5 million by 40 state attorneys general (2022) for misleading users about location tracking: it continued to record location after users disabled Location History, through a separate Web & App Activity setting that most users never saw. Google also paid $93 million to settle the same location-tracking claims with California (2023) and $170 million to the FTC and New York (2019) for collecting children's data through YouTube without parental consent. This pattern of deceptive data practices directly contradicts Google's transparency commitments for Nest devices.
What they claim: Google Safety Center states it provides a "clear visual indicator (such as a green light on your device)" when the camera is active and commits to user awareness of recording.
What we found: The Nest Doorbell Wired 2nd Gen records continuously, 24/7; the camera is always on by design. The Google Home app's RECORD_AUDIO permission allows recording through the phone's microphone, independent of the doorbell (on Android this is a runtime permission you can deny), and the app's Google Firebase Analytics tracker sends usage telemetry that no indicator light covers. While the doorbell has a status light, continuous recording means there is no "recording" versus "not recording" state to signal: the light is always on, making the visual indicator meaningless as a signal.
What they claim: Google Safety Center states: "keep your video footage, audio recordings and home environment sensor readings separate from advertising." Google also commits to on-device ML processing as a privacy feature.
What we found: The Nest Doorbell Wired 2nd Gen uploads all video to Google cloud servers for storage, indexing, and event search, even though on-device ML is marketed as a privacy feature. The device connects to more than ten Google endpoints, including firestore.googleapis.com, clients3.google.com, and cloudresourcemanager.googleapis.com. While Google says video is kept separate from ads, the single Google account that ties doorbell footage to search history, YouTube, Gmail, and Maps creates a unified profile, and Google's own disclosures state that Google Assistant text interactions may be used to personalize ads.
What they claim: Google Safety Center states: "can access, review and delete this footage at any time" and implies users have full control over their video data.
What we found: In the Nancy Guthrie case (2026), FBI investigators recovered video footage from Google Nest camera backend systems after the footage was no longer visible to the user in the Google Home app. This shows that Google retains video in backend infrastructure beyond what users can see or delete: "delete" in the app does not guarantee the data is gone, which directly contradicts the claim that users have full control over their footage.
What they claim: Google Safety Center states: "only share video footage with third-party apps...if you...explicitly gives us permission" and presents user consent as the standard for sharing video.
What we found: Google has confirmed it will share Nest doorbell footage with law enforcement without a warrant in emergency situations, under the ECPA emergency-disclosure exception. Unlike Ring, which published transparency reports showing 11 warrantless disclosures in 2022, Google has not published specific numbers for Nest emergency disclosures. The privacy policy does not prominently disclose this warrantless sharing.
What they claim: Google Home app is the sole interface for managing the Nest Doorbell, requiring a Google account for all functionality.
What we found: The Google Home app requests the ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions, and Google was fined $391.5 million for deceptive location tracking in the same Google account ecosystem the doorbell depends on. Mozilla's review found that Google collects location data, search history, purchase activity, and app usage, and allows third-party partners to collect information through cookies. The app also requests QUERY_ALL_PACKAGES to enumerate every installed app on the phone, giving Google a profile of you that goes well beyond doorbell usage.
What they claim: Google markets on-device ML processing for familiar face detection, person detection, and package detection as privacy-preserving features that keep processing local.
What we found: On-device ML handles the initial detection, but every event clip and the 24/7 continuous stream are still uploaded to Google's cloud via more than ten hardcoded endpoints. A Google Home Premium subscription is required for 24/7 video history (up to 10 days) and extended event history (up to 60 days); the free tier keeps only 3 hours. The subscription model means Google stores and manages vast amounts of doorbell footage in its cloud. Familiar face labels, although computed on-device, sync to the Google account for cross-device access.
What they claim: Google commits to 5 years of automatic security updates and participates in the Google Vulnerability Reward Program for responsible disclosure.
What we found: CVE-2024-44097 (CVSS 9.8 Critical), a basic TLS certificate validation flaw, shipped in production firmware for all Nest cameras and doorbells. This is not a sophisticated zero-day but an elementary oversight: the device accepted server certificates it should have rejected. Proper validation (checking that the chain leads to a trusted root and that the certificate names the server being contacted) is exactly what a pre-release test against a forged certificate exercises. The Nest Doorbell Wired 2nd Gen was released in October 2022, so if the flaw was present from launch it sat in the field for roughly two years before the October 2024 patch. Whether it was reported through the reward program or found internally, a vulnerability reward program is a backstop, not a substitute for testing the TLS client before it ships.
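To make the CVE-2024-44097 bug class concrete for both the interception finding and the update-process finding above, here is an added example. It is not code from Google or from the Nest firmware (which is not written in Go); it reproduces the class of defect, not the device's actual code path. It stands up a loopback HTTPS server with a self-signed certificate, standing in for an on-path attacker impersonating a Google endpoint, and probes it with three clients: one that skips certificate verification (the vulnerable pattern), one that verifies against the platform trust store, and one that pins the vendor's own certificate, which is how a device talking to a fixed set of backends should be built. The server, its certificate and the "video stream" payload are all constructed here for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// ProbeResult records how each client configuration treated the
// server's self-signed (i.e. attacker-controlled) certificate.
type ProbeResult struct {
	InsecureAccepted bool   // client that skips verification: the CVE-2024-44097 bug class
	LeakedBody       string // what that client handed the attacker's server in return
	StrictAccepted   bool   // client verifying chain and hostname against platform roots
	PinnedAccepted   bool   // client that trusts only the vendor's own certificate
}

// fetch performs one HTTPS GET with the given TLS configuration and returns
// the body, or the handshake error that stopped the connection.
func fetch(url string, cfg *tls.Config) (string, error) {
	tr := &http.Transport{TLSClientConfig: cfg}
	defer tr.CloseIdleConnections()
	client := &http.Client{Transport: tr}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// insecureConfig is the vulnerable pattern: chain validation and hostname
// matching are both disabled, so any certificate, including a forged one, is accepted.
func insecureConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS12}
}

// strictConfig is the default behaviour: the chain must lead to a root in the
// platform trust store and the certificate must name the host being contacted.
func strictConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// pinnedConfig trusts only the supplied certificate (in practice a vendor-run CA),
// so even a certificate from a public CA is rejected. Hostname checking stays on.
func pinnedConfig(trusted *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}

// RunDemo starts a loopback TLS server whose self-signed certificate plays the
// role of an on-path attacker's forged endpoint, then probes it with all three clients.
func RunDemo() ProbeResult {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "secret video stream") // constructed stand-in for the doorbell's data
	}))
	defer srv.Close()

	var res ProbeResult
	body, err := fetch(srv.URL, insecureConfig())
	res.InsecureAccepted = err == nil
	res.LeakedBody = body

	_, err = fetch(srv.URL, strictConfig())
	res.StrictAccepted = err == nil // expected: x509 "unknown authority" error

	_, err = fetch(srv.URL, pinnedConfig(srv.Certificate()))
	res.PinnedAccepted = err == nil
	return res
}

func main() {
	fmt.Printf("%+v\n", RunDemo())
}
```

Run it with `go run`. Only the client that skips verification receives the payload; the strict client fails the handshake because the certificate does not chain to a trusted root, and the pinned client succeeds because it was told exactly which certificate to expect. The same three-way test, run against a pre-release firmware build with a forged certificate, is the check that would have caught this bug before it shipped.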