In the wake of Facebook’s Cambridge Analytica scandal, it is hard for the internet user to lay their trust in companies, even if that company is Google itself. Recently cybersecurity experts found Google Chrome’s inbuilt antivirus solution was scanning files on their computer for malware.
An antivirus tool scanning your computer is nothing new, but chrome’s cleanup tool is really not meant to scan your computer’s files.
The lack of transparency on Google’s part is what concerns a lot of people. After all, Chrome is the most popular browser in the world.
Google did not publically mention that this new update would enable CCT to scan your computer.
Chrome looks through your computer files to check for any malware that might be of harm to the browser itself. If it finds any threats, a popup asks you what action to take.
Information regarding the malware is then sent to Google. Users can opt to not send data to Google by simply unchecking the particular option in the popup.
Even though Google’s intention is security minded, experts all around the world are saying that Google should have been more transparent and they should have publicized any update that looks through personal data.
Regardless of the need, a browser should simply never look through your personal data. Many took to social media to voice their distress.
Google eventually responded after a security researcher Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, took to Twitter to express her concern.
The sole purpose of the tool is to find and remove unwanted software that can manipulate Chrome, said the head of Google Chrome security Justin Schuh. He went on to say that the system tool is Sandboxed and only you have the privilege to remove the files.
Should You Be Concerned?
While data theft is alarming for users, the situation with chrome is different. It is simply trying to eliminate threats that will install rouge extensions and also remove unwanted ads and spam from appearing on Chrome.
Chrome scans your files once in a week through CCT and that too for 15 minutes. CCT was integrated into chrome last year.
It was a major update where Google promised a cleaner and safer internet experience. It mentioned the inclusion of a basic antivirus program as well.
There is no need to panic here as anything that is scanned never leaves the system and get sent to the cloud.
Currently, CCT is harmless. What is yet to be seen is CCT’s potential vulnerabilities to getting high jacked and misused by hackers. The potential for abuse is there, but it is highly unlikely.
Google should improve their transparency with such updates. They should learn from what Facebook is currently going through.
Users should also be updated on the software and platforms on which they share data. If a tool needs to search through computer files it should ask for proper consent before doing so. Developers should look at the android app permission system as an example.
This obvious scenario will trigger cybersecurity to look into Google’s software options and check whether they are collecting data. If a security breach is found it can be disastrous for the internet giant.