Unwanted Cloud

Can the Defunc MONDO series of headphones and speakers be used without giving up your privacy? Keep reading to find out!

Cloud requirements

The MONDO app is available on both Android and iOS app stores. Unfortunately, the first thing you encounter when launching the app is a login screen. This means that basic functionality like equalizer settings and firmware updates are completely inaccessible without creating an account.

The app’s permission requests are particularly concerning. On iOS, it immediately asks for location and Bluetooth permissions before you can do anything. On Android, the situation is worse – after logging in, you’re bombarded with requests for permissions that have no reasonable connection to headphone functionality, including access to all photos and media on your device, and the ability to manage phone calls.

While you can use the MONDO devices as standard Bluetooth headphones without the app, any customization or firmware updates require creating an account and accepting these privacy-invasive permissions.

Data portability

The app provides no way to export your data. While the privacy policy states “You can contact us to request deletion of your personal information through the methods provided in this Privacy Policy, and we will reply within 15 working days”, there is no automated way to access or download your data.

Ecosystem openness

The MONDO devices function as standard Bluetooth headphones and speakers, which means they’ll work with any Bluetooth-capable device without additional software. However, accessing features like equalizer settings requires installing the proprietary app and also creating an account and agreeing to an expansive privacy policy.

Data privacy

While it’s possible to use the headphones without the app (and thus avoid data collection entirely), the app’s privacy policy raises serious concerns about data collection and sharing practices. It seems to be a boilerplate policy without much thought for the actual service provided.

The app requests an alarming array of permissions that go far beyond what’s needed for headphone functionality:

• Complete access to photos and media
• Audio recording capabilities
• List of all installed apps
• Location data and WiFi network scanning
• External storage access
• System settings modification
• Phone call monitoring

The privacy policy includes broad data sharing terms with:

• Undefined “affiliates”
• Third-party advertisers
• Academic research
• Generic “partners”

There appears to be no automated process for data deletion for this, and the policy lacks crucial details about:

• Data retention periods
• Geographic location of data storage
• Process for correcting personal information
• Clear opt-out mechanisms for data collection

Tested on Android and iOS using version 1.0 of the Unwanted Cloud methodology.