A recent study found that the Clean Master cybersecurity application from China's Cheetah Mobile has been recording more user data than it probably should. While it promises antivirus protection and private browsing, the app is understood to have been recording online browsing, searches, and the name of every Wi-Fi access point the device connects to.
The report is only the latest in a line of controversies for the company and app. In 2014, it was found that ads promoting Clean Master tried to scare users into downloading the app with pop-ups that told them a virus had infected their device. In 2018, the corporation was accused of conducting ad fraud which led to Google removing all of Cheetah Mobile’s applications from the Play Store. Regardless, the app remained active and popular, possessing over one billion installs before its ban.
A recent study, run by researcher Gabi Cirli of the cybersecurity company White Ops, revealed that Cheetah had been collecting data through its applications, Security Master, Clean Master, CM Browser, and CM Launcher. “Technically speaking, they have a privacy policy that covers kind of everything and gives them a blank check to exfiltrate everything,” Cirlig told Forbes. Adding, that while its unclear if Cheetah’s actions are punishable, they are close to crossing a clear line.
Cheetah admitted to the claims, but added that it had no intention of using data to compromise user privacy. The company says that, while its headquarters are in Beijing, China, it sends the data it collects to a remote Amazon Web Services system. Operating in a foreign country, with products only accessible via the internet, results in a large grey area. Google removed the company’s applications on account of its policies, not those of a governing body. Similarly, the US Patriot Act only punishes unauthorized access to a computer. Legally, what Cheetah has done can be interpreted as no different from the actions of Facebook, a company that was sued by California for privacy violations. A major difference is that Facebook is an American-based company, while Cheetah is not.
Through its applications, Cheetah has created catalogs of user data and to the point where, if unencrypted, it’d be easy to identify users. While Cheetah claims to abide by local privacy laws, its location in China is cause for concern. The government of mainland China requires all corporations operating within its borders to be able to share information, if requested. While it remains unclear whether China would do anything with (or even want) this data, the possibility remains there, due to where Cheetah operates from.
Source: Forbes
from ScreenRant - Feed https://ift.tt/3ctERIV
No comments: