A recent study found that Cheetah Mobile’s Clean Master cybersecurity app in China is recording more user data than it probably should be. While it promises virus protection and private browsing, the app is supposed to record online browsing, searches, and the name of each Wi-Fi hotspot the device connects to.
The report is just the latest in a series of controversies for the business and the app. In 2014, it was found that advertisements promoting Clean Master were trying to scare users from downloading the app with pop-up windows telling them that a virus had infected their device. In 2018, the company was charged with ad fraud, which led Google to remove all Cheetah Mobile apps from the Play Store. Either way, the app remained active and popular, having more than a billion installations before it was banned.
Click the button below to start this article in quick view.
A recent study, led by researcher Gabi Cirli of the cybersecurity company White Ops, found that Cheetah had collected data through its applications, Security Master, Clean Master, CM Browser and CM Launcher. “Technically speaking, they have a privacy policy that covers everything and gives them a blank check to exfiltrate everything,” said Cirlig. Forbes. Adding that, although it is not clear whether Cheetah’s actions are punishable, they are about to cross a clear line.
Cheetah Gray Operating Area
Cheetah admitted the claims, but added that he did not intend to use data to compromise user privacy. The company says that while headquartered in Beijing, China, it sends the data it collects to a remote Amazon Web Services system. Operating in a foreign country, with products only accessible via the Internet, results in a large gray area. Google removed the company’s apps because of its rules, not those of a governing body. Likewise, the US Patriot Act only punishes unauthorized access to a computer. Legally, what Cheetah did cannot be interpreted to be any different from the actions of Facebook, a company that has been sued by California for breach of privacy. A major difference is that Facebook is an American company, unlike Cheetah.
Through its applications, Cheetah has created catalogs of user data and to the point where, if not encrypted, it would be easy to identify users. While Cheetah claims to respect local privacy laws, its location in China is cause for concern. The government of mainland China requires that all companies operating within its borders be able to share information, when requested. Although it is not clear whether China would do anything with (or even want) this data, the possibility remains there, due to the location where Cheetah operates.
Source: Forbes
