Mysk🇨🇦🇩🇪Mar 9, 2023

Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement.🤦‍♂️

In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.

The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵‍💫

#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft

https://youtu.be/r5456XXG6v0

Privacy: Microsoft Authenticator sends analytics even before accepting the privacy statement

YouTube
Show threadMysk🇨🇦🇩🇪Mar 10, 2023

It's their app. They can set whatever rules they please, but to give this nonsense reason as to why users have to accept sharing analytics is unfathomable.

"To keep Authenticator secure and up to date, we need to collect basic app diagnostic data" 🤯
#Microsoft #Authenticator

Show thread𝚒𝙱𝚎𝚗𝚍𝚎𝚛𝟽𝟶 🐘

@mysk Any idea what conclusions Microsoft can draw out of this analytics data?

But of course it is a bad move to send analytics data even before the user made up his mind if he wants to do it or not.

And the justification for sending the analytics data is nonsense from my point of view.

Mar 11, 2023 at 7:33amWeb
Show threadMysk🇨🇦🇩🇪Mar 11, 2023
@iBender70 It's just an indicator of how serious they are about privacy and respecting user data, even if it is not identifiable.