Thanks to ShadowAce for the ping!
Posted on 12/02/2024 11:24:15 AM PST by dayglored
If you've been tempted to download the Bing Wallpaper app to spice up your Windows 11 desktop backgrounds, you may want to think twice.
The Bing Wallpaper app - itself not a new product - was recently added to the Microsoft Store for simpler download and installation. Going on a gut feeling to investigate it when the app appeared on the store, Rafael Rivera discovered a heap of concerning capabilities that he said on X essentially make it a piece of Microsoft-developed "malware."
"Who makes a dedicated wallpaper app these days?" Rivera posited to The Register in response to questions about his findings, which answer the question for him.
"That [question] led me to take a look using basic tools, such as ILSpy for code decompilation and Windows Sandbox for testing and observation," Rivera said. "The code revealed concerning capabilities."
According to the self-identified Microsoft MVP alum, the Bing Wallpaper app includes undocumented features that enable it to alter Chrome browser extension preferences, and decrypt and read "all major browser cookies for user tracking purposes." It can also display user prompts with configurable timing to reduce annoyance, utilize encrypted configuration storage, and detect or intercept browser launches "to promote extensions and launch arbitrary URLs" that prompt users to switch to Bing and Edge inside their default browser.
In his thread on X, Rivera noted that the app also installs Bing Visual Search on host PCs without asking users.
"I've only scratched the surface," Rivera told us. "A full audit would be quite time-intensive and isn't where I want to focus my energy."
Feel free to audit it yourself, of course - but ESET already considers it a potentially unwanted program if that helps solidify the degree to which Bing Wallpaper is trusted.
When asked to disprove Rivera's claims, Microsoft assured us that "the Bing Wallpaper app does not peruse and decrypt all [emphasis added] user Edge and Chrome cookies," a distinction Rivera dismissed as "splitting hairs" - and notably, Redmond doesn't mention Firefox.
"The app locates where Google Chrome, Microsoft Edge, and Mozilla Firefox store their cookies, queries for cookies with names they are interested in (such as MUID), retrieves their encrypted content, and then proceeds to decrypt them, all without user intervention," Rivera said in response to Microsoft's claims. "The cookie values then appear to get sent to or are used by Microsoft."
Microsoft further noted that the app performs a Bing cookie check to avoid repeatedly offering users the Bing app if it's already installed, but didn't otherwise address the app's handling of cookies.
Redmond also told us that the Bing Wallpaper app isn't new, and the version added to the Microsoft Store didn't include any new functionality or changes from previous versions.
Rivera noted that Bing Wallpaper is distributed through multiple channels and in various forms that include the ability for it to be remotely reconfigured. "It's not immediately clear, or documented, which configurations do and do not offer/install certain features," he told us.
In short, you might want to take a pass on installing this one - it's another in a long line of questionable data gathering practices by Microsoft that show no sign of slowing down - after all, if the app is free, the company will surely seek some way to monetize it.
"What I find deeply troubling is Microsoft's willing development and distribution of what is essentially malware," Rivera said. "It's heartbreaking to see one of my favorite tech giants deliberately create software that undermines user privacy and autonomy." ®
Thanks to ShadowAce for the ping!
Anecdote about devices listening.
Took a drive last Friday with the Elvis channel playing on the Sirius in the car. I normally listen to much harder rock than that (Symphonic metal, Neue Deutsche Hart, Thrash, etc).
Lo and behold, the next day I had a Spotify offer for their Elvis channel on my phone.
We are all being monitored at all times by our devices, and our information harvested and sold without our permission.
You got to be kidding me! I never trust anything from the Windows App Store, and it’s because of shenanigans like this. Yeesh.
I can't wait for the day my "smart" refrigerator emails to me that it saw a container of whole milk and shouldn't I be drinking skim at my age?
Ever read the Terms of Service for all of these things? You gave your permission when you clicked "Agree".
“(Microsoft free tool snooping on users? Surely not!)”
It it, and don’t call me Shirley.
This is what pays for “free” software. It’s called theft.
Sure is nice that wallpaper spies on us now... man, ‘o man.
I may switch to Linux soon. Run the Titus Tech “debloat\privacy” tool on my Windows 10 and 11 boxes and then Murena e/OS/ on our droids. Coupled with NextDNS. Insanity.
About two more years before I retire. At that point I will go 100% Linux.
I didn’t agree to have my telephone monitoring what radio program I am listening to in any agreement I’ve signed.
Just like Fakebook and Youtube. I don’t even have those on my phone, yet things I discuss somehow end up in my Youtube and Facebook feeds.
Any wallpaper is just a image or color.
No software should be needed to install the images other then what is on Windows already.
Store image in a folder then do the following:
In Windows 10 you right click on the Desktop and click Personalize in the menu.
Choose in dropdown menu Picture or Solid color or Slideshow
Click on Browse to go to the folder.
Decades ago companies banned installing wallpaper software from sites because of spyware, viruses.
Now Microsoft is installing spyware like Windows 11 which will recall everything you do. They promise not to send that info to themselves... or sell to others. Yeah right.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.