Security software "Avast" and "AVG" browser add -on immediately!
Security software is not always safe.
Following the report that the user's web history is unnecessarily absorbing, two browsers have excluded the AVAST and AVG online security add -ons from the webstore.
Collection of mysterious data in browser expansion of security apps
The first report of this issue was Wladimir Palant, the developer of Adblock Plus, and the issue is Avast Online Security, Avast Safeprice, and also owned by Avast.It extends to add -ons such as AVG Online Security and AVG Safeprice.He mentioned this issue in a blog post in October and reported directly to two companies.As a countermeasure, Mozilla and Opera were both excluded add -ons affected from the store.However, as of the first week of December, it still exists in the Chrome add -on store.
Palant investigated network traffic using developer tools.It turned out that the add -on in question was collecting data on the user's web history and behavior.The contents of the data include the browsing URL, the URL used to fly there, the national code, the OS version of your device.According to Palant, these data is unnecessary for add -ons to work.
In his first post, the two companies' privacy rules had the wording about these data collection, but now has disappeared.However, there is a page that Wayback Machine archived on November 4:
The software may collect information on your computer and our products and services on top of it.Also, depending on the type of device, depending on the OS, device settings, application identifiers, IP addresses, regional information, cookies, crash data (our own analysis tools, tools provided by third -party, CRASHLYRICCS, andCollect (through Firebase, etc.).The device and network data are connected to the installation GUID.
We collect devices and network data from all users.We collect and store it, which is necessary for software movements, monitoring products and services, research, crash diagnosis and repair, bug detection, and repairing security and software vulnerabilities (that is, for you.Limited to those that are necessary for contracts that provide services.
According to Avast, "URL history is required"
The company acknowledges that these data had been collected during this old version of the privacy rules.However, it is not clear which version was stored in both versions.According to the Avast Spokes Person, these rules were rewritten to shorten the previous terms of 70 pages.
"I re -edited many of the content to make it easier for users to read. This is nothing to do with Palant's blog posting."As Palant says, "monitoring your own users is clearly violating the rules of Mozilla and Google signed by add -on developers."
It is unknown why it was left in the Google store, but the company did not comment on Gizmodo.
According to Avast's answer to Gizmodo, the company is currently working with Mozilla to solve problems.
"We have been distributing Avast Online Security and Safeprice through the Mozilla Store for many years. Since Mozilla has recently updated the Store Terms, we cooperate with Mozilla to clear new requirements and make the necessary corrections for add -ons.There are already some of them, and we will continue to update in the next few days and release them completely in line with the rules. "
According to AVAST's spokesperson in email to Gizmodo in the United States, "URL history is necessary to show this service as expected," but then we have collected local information.It is not the reason for this.
One thing that is clear, however, is that there are signaguards such as contracts to prevent spyware from entering stores such as Chrome and Firefox, but sometimes it is insufficient.
After all, the obligation to keep your data safe is for the user himself.