If the devices are accessing a 3rd party API over the Internet to get this info, that control is still ceded, and attackers can still exploit vulnerabilities in all of these devices to attack large swaths of the network at once.