A German security researcher Peter Welchering stated in an interview for a German newspaper namely Deutschlandfunk that Mozilla Foundation is collecting users’ personal data through the iOS version of Firefox Klar. Welchering’s findings were seconded by another researcher Hermann Sauer. The researchers collaborated together to evaluate the new app and identified the majority of data received by Adjust comprises of personal details of the users.
According to Welchering, the collected data is transmitted to another company called Adjust GmbH, which is a German data aggregation service. Furthermore, he acknowledged that the data collection feature is hidden in the “Send anonymous usage data” option, which is available in the Settings menu of the browser and comes activated by default for all new users of Firefox Klar.
Experts are referring to these claims as shallow findings because the researchers did not specifically state the exact range of data collection or precisely which information is being transmitted and used the term Extensive to define the nature and extent of data collection.
As expected, Mozilla has come out in public and openly denied these claims from German researcher. In a reply to news website Bleeping Computer, Mozilla explained its employed data collection practices for mobile devices on a support page and provided a clear-cut explanation of why, when and what sort of data it collects from users.
This particular post also explained the relationship Mozilla shares with Adjust and the company did admit that the collected data is sent to and saved by Adjust’s backend instead of Mozilla. This was indispensable, as per Mozilla, because Adjust SDK is already part of Firefox Focus, Firefox for Android, Firefox for iOS and Firefox Klar.
These apps occasionally deliver anonymous summaries regarding the frequency of application usage, but these summaries just include information about when the app was actively used. Firefox Klar and Firefox Focus also share information about the features of the app that users prefer to use, which is yet another anonymous report containing information about the filters being selected by users and how many times the search, erase and browse tabs were pressed.
According to Mozilla, the alleged personal data that is collected by the SDK is the IP address of the user while installing the app while the other is just regular data that all apps collect to understand how users are interacting and using the apps.
We also cannot say for sure if Mozilla is guilty or not unless the researchers provide authentic details about their claims and findings. Until then happy browsing.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.