Google may be scanning private files via Chrome's built-in anti-virus tool

Google's effort to make surfing on Windows computers “safer ” with basic antivirus features introduced last year, Chrome Cleanup Tool for Windows, which runs on ESET’s antivirus engine is raising some privacy concerns.

The Cleanup Tool is supposed to scan through your computer for malware, which it sends to Google with the metadata of the malware software, including some system information, and then asks your permission to remove the suspected malicious file.

But some findings from a security expert at SecurityScorecard, a cyber-security startup revealed that Chrome also scan private files in the Documents folder of Windows computer.

While Google's intentions are obviously to ensure security of users, but the rather lack of transparency on how it goes about it seems to violate their own policy for ‘user-friendly software’ that gave rise to the Chrome Cleanup tool.

The Chrome Cleanup Tool (CCT) is not a general purpose anti-virus, as its sole purpose is to detect and remove unwanted software that could affect the browser's performance. Albeit, the goal is to ensure Windows computers are free from malware, which install dangerous extensions, or manipulative ads serving to the unsuspecting users.

According to Justin Schuh, Chrome’s head of security there's 'potential data collection and associated consents as described in the Chrome Privacy Whitepaper, and every cleanup action requires an explicit user approval'.

Justin added that the tool runs weekly, and only has normal user privileges (which means it does’t scan deep into the system); its code is isolated from other programs (sandboxed), and users have to explicitly remove the files.

The Chrome team, however is investigating more opt-outs options, to balances against any potential for abuse.
Next Post »