CRITICAL SECURITY FLAW: Granular SD Card Deletion Feature in Tapo Firmware/App
Hello Tapoers,
I am writing to urgently report a critical security and privacy design flaw regarding local SD card storage management introduced in recent Tapo app/firmware updates. This feature, allowing users to delete specific video segments directly from the smartphone, creates a massive vulnerability.
Previously, as seen in firmware Version:1.5.3 Build 260304 Rel.25729n (referencing image Screenshot_20260601_135346_Tapo.jpg), the only deletion option was to format the entire SD card, which would be a massive red flag.
The new feature, which granularly deletes specific clips, has now been added in Version:1.6.3 Build 260423 Rel.6090n (referencing image Screenshot_20260601_135152_Tapo.jpg), and potentially other iterations around this version.
**The Threat Model:**
If a user's smartphone is compromised (via device cloning, spyware, session hijacking, or unauthorized physical access), a malicious actor can now surgically delete specific security footage—such as the exact timeframe they entered a property—leaving the rest of the timeline intact. The owner would be completely unaware that critical evidence was removed, as no obvious trace is left.
**Required Action:**
Evidence integrity must be the top priority for a security system. I strongly urge you to take one of the following actions immediately in the next update:
1. **Rollback:** Completely remove the granular deletion feature for local SD card storage.
2. **Hard Security Gate:** Require secondary authentication (e.g., account password or biometrics) specifically for deleting any local files.
3. **Immutable Audit Log:** Implement a non-deletable log entry that explicitly notifies the primary account holder when specific clips are deleted from an SD card.
This feature compromises the core function of a security camera. Please escalate this to your product and security engineers.
I look forward to your prompt response.
Best regards,
Deyan Petrov
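
The "Immutable Audit Log" option in the post above can be illustrated with a hash-chained deletion log; this is an added example, not code from the poster or from Tapo. It swaps "non-deletable" for "tamper-evident": every clip deletion is recorded with an HMAC that also covers the previous record, and the latest chain head is sent to the account holder with each alert. Assumptions: the key lives on the camera or vendor side and never on the phone, and all record fields and function names are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first record


def _mac(key, prev_mac, body):
    # Each MAC covers the previous record's MAC, so a record cannot be
    # edited, reordered or dropped from the middle without detection.
    msg = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def log_deletion(log, key, actor, clip_start, clip_end, ts):
    """Append one clip-deletion record and return the new chain head."""
    body = {"seq": len(log), "ts": ts, "actor": actor,
            "clip_start": clip_start, "clip_end": clip_end}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "mac": _mac(key, prev, body)})
    return log[-1]["mac"]  # assumed to be sent to the owner with the alert


def verify(log, key, notified_head):
    """Return 'ok' or a description of the first inconsistency found."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("seq") != i:
            return f"record {i}: sequence gap"
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, body)):
            return f"record {i}: bad MAC"
        prev = rec["mac"]
    # Cutting records off the end leaves a valid chain; only the head
    # already delivered to the account holder exposes that.
    if not hmac.compare_digest(prev, notified_head):
        return "head mismatch: records missing from the end"
    return "ok"


# Constructed sample data: three deletions issued from one phone session.
KEY = b"constructed-demo-key"
LOG = []
for start, end, ts in [("02:10", "02:14", "09:00"),
                       ("13:40", "13:45", "13:51"),
                       ("18:00", "18:05", "18:30")]:
    HEAD = log_deletion(LOG, KEY, "phone-A", start, end, ts)
```

The head check is what ties the log to the notification the post asks for: without a copy of the head held outside the camera and phone, removing the most recent entries would go unnoticed.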


