Mysk🇨🇦🇩🇪Mar 9, 2023

Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement.🤦‍♂️

In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.

The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵‍💫

#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft

https://youtu.be/r5456XXG6v0

Privacy: Microsoft Authenticator sends analytics even before accepting the privacy statement

YouTube
Show threadMysk🇨🇦🇩🇪Mar 10, 2023

It's their app. They can set whatever rules they please, but to give this nonsense reason as to why users have to accept sharing analytics is unfathomable.

"To keep Authenticator secure and up to date, we need to collect basic app diagnostic data" 🤯
#Microsoft #Authenticator

Show threadDerek Means
@mysk didn’t you say that the Google Auth App was surprisingly not invasive
Mar 14, 2023 at 2:22amWeb
Show threadMysk🇨🇦🇩🇪Mar 14, 2023
@dcmeans7 This is Microsoft Authenticator