Warning to Christmas shoppers enticed by cheap air fryers as experts say low cost products are TOO good to be true

Kitchen gadget fans eyeing up Black Friday deals on air fryers are being warned to think again before snapping up discounted 'smart' versions - because the cut-price cookers could be sending your data abroad.

An investigation by consumer magazine Which? has found three brands of WiFi-enabled desktop roaster made by Xiaomi, Aigostar and Cosori are asking users for access to their location and even their microphones.

The data is collected via the cookers' companion apps, which are downloaded from the App Store or Google Play Store to enable 'smart' features such as turning them on and off or changing the temperature remotely.

Those functions are impressive to show off - and the app-enabled smart ovens, which are often made by unknown brands, are often either cheaper, or only slightly more than the 'dumb' air fryers sold by big brands like Ninja.

But tech experts say shoppers hunting out Christmas bargains on web-connected cookers will pay a huge price - by handing over absurd amounts of data about themselves in exchange for making big savings at the till.

And that's before considering the spate of air fryer fires breaking out in British homes - for which data is worryingly incomplete .

The data can range from your phone's exact location to, bizarrely, access to your phone's photos and videos and your device's unique ID - a goldmine for advertisers who use them to build up a profile of a phone owner in order to target you with ads.

Which? found the data was being sent abroad to data centres in China.

Jake Moore, global cybersecurity advisor at tech protection firm ESET, says this would explain why some of the devices are so cheap - as personal information is worth infinitely more to tech firms than any profit they might make on a single sale.

'These devices are very much marketed along the lines that consumers want, or at least think they want, smart tech in the home because they're marketed as coming with extra special features,' he told MailOnline.

'But to do so they will suggest they need all of your precious data, or a large proportion of your data, to make those devices smarter.

'But the truth is, one, they don't even need to be smart, and two, they don't need all of your precious information to activate the majority of those smart features.

'My smart tech in my kitchen doesn't need to know when I'm at home. It will know I'm at home, because I'll go and turn it on.

'What I've actually found is that a lot of smart device versions of the equivalent of a "dumb" device is often cheaper, to incentivise the buyer to purchase it.

'They are collecting data potentially to sell it to advertisers. That is the big business these days.

'Your data is a huge currency in its own right, and advertisers are desperate to get hold of that information.'

Cosori, one of the firms named by Which? as among those collecting 'risky' data, sells its air fryers via Amazon as well as via an officially licensed reseller.

MailOnline found it was selling identically sized 'dumb' and 'smart' 5.5 litre air fryers for £69.99 each - but the smart-enabled version is actually cheaper with a 10 per cent voucher.

Xiaomi, meanwhile, only sells smart home tech - meaning its devices all come with the companion app. It is selling a 3.5L smart air fryer on its own website for just £39.99 - with an extra £5 off on top with a coupon.

A similar capacity 3.8L Ninja air fryer is currently £69 on Argos - discounted from the usual RRP of £79.

Aigostar, meanwhile, doesn't seem to sell smart air fryers in the UK at present: its air fryer products are 'currently unavailable' on Amazon, with some available from third-party wholesalers, or second-hand.

Which? tested the Android versions of the apps, which have less stringent controls around privacy than the Apple versions and are downloaded from the Google Play Store.

Each has a privacy declaration on the Play Store to tell users how many data they want to collect - but these appear to be misleading.

Xiaomi and Aigostar declare that their apps do not share information with external companies like advertisers on the Google Play Store - but their online privacy statements, written in dense legalese, say that they do.

Google declined to comment - but the company directed MailOnline to its developer guidelines for declaring data collection, which tell companies to make sure they are making 'complete and accurate' statements about how they gather users' personal information.

It warns app-makers: 'When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action.'

Which? claims two of the firms, Aigostar and Xiaomi, send personal data to servers based in China - a claim Xiaomi has described as 'inaccurate and misleading'.

A spokesperson for Xiaomi UK told MailOnline: 'We are aware of the recent press release by Which? and some information in it including "Xiaomi fryer sent people's personal information to servers in China" is inaccurate and misleading, which could be resulted from some misunderstandings.

'Our privacy policy is developed to comply with applicable regulations such as the UK GDPR and the DPA (Data Protection Act) 2018.

'By complying with local applicable laws and regulations in markets where Xiaomi operates, user data are stored in compliance with local laws.

'We do not sell any personal information to third parties. Xiaomi Home app may include third-party products or services depending on markets and regions.'

It previously said permission to record microphone audio was not necessary to use the air fryer's smart features.

A Cosori spokesperson previously said: 'We prioritize privacy, and subject to our internal compliance requirements, the smart products must comply with GDPR.'

MailOnline has contacted Aigostar and Cosori's parent firm Vesync for further comment.

Which? found that apps such as those used to control the air fryers are loaded with trackers for social media platforms such as Facebook and TikTok.

Eliot Bendinelli, of campaign group Privacy International, said it's often unclear which trackers apps are loaded with and why.

'Most of the time developers will say that this is for improving services and products or audience targeting, i.e. understanding who bought the product,' he said.

'The truth is that this data can be used for any purpose and once the data has been collected it's very difficult to understand how it's processed and for what purpose.'

He has suggested that such data collection could be unlawful - and blasted 'forced consent', the idea that you cannot use an app without accepting its terms and conditions in full.

He added: 'People don't expect to have their appliances to spy on them so that the company they bought the device from can make money out of their personal lives. And if they knew they would probably refuse.'

Harry Rose, editor of Which?, said the data was being collected with 'reckless abandon' and with 'little or no transparency'.

The Information Commissioner's Office says it is issuing new guidance for smart device manufacturers to ensure they comply with data protection laws.

Its top policy adviser Slavka Bielikova said the products were failing to meet data protection expectations, telling The Times : 'It's vital that consumers trust smart product manufacturers to use their information safely and in the ways they expect.'

Jake Moore of ESET says there are also greater privacy concerns than just the apps' abilities to collect your personal information - but rather, what happens if those apps are compromised by hackers who gain access to your data.

He added: 'Even if apps aren't sharing information with advertisers, malicious actors could get hold of your personal data and such devices - your home heating, your lighting.

'It really starts to become a worry with the amount of data we're giving away to companies, unbeknownst to customers. The tracking with social media accounts really does highlight how much they are tracking data for advertisers.

'People really need to think about how much data they give away and really be quite picky with what is given to these companies.

'Most of these devices do not need the vast majority of data that is given away for them to store and analyse and sell. Because once your data is out there, there's no way you'll ever get it back.

'It will reside in databases all over the world forevermore.'

Your browser does not support iframes.

To combat how much data people share, Jake suggests creating a second email address for online shopping and apps with as little personal information attached as possible.

For those more technologically minded, he suggests creating a second WiFi network for the devices to run on seperate from your internet connection.

But his best advice for so-called 'smart' air fryers is to consider whether the trade-off of personal data is worth using the smart features at all.

'Just think about how much you will use these features - people want to use all the great new things that they're being advertised with, but then they don't end up using them again and go back to using the manual buttons.

'If that's the case, I suggest people delete their profile and then remove the app from their phone,' he says.

'They'll still be an air fryer, or fridge, or a toaster, or whatever, and they still work very well, often better, without the extra step of including an application.

'Unfortunately, the companies that make these are desperate for all our data, and unfortunately, a lot of people are willing to give it away for free.'