Hmm, should I be worried...?
I think I can guess the device and manufacturer from the feature and behaviour descriptions. They make another Io[T|S] gadget that isn't anything like as easy to DIY with a Raspberry and a few cheap components, which I own. What is the chances the same core "authentication" code is in there? It, like this, phones home to their servers for management, and set up by an App in a very similar way.