Hello everyone,
Thanks to my firewall, I was able to make a very disturbing discovery.
When you create applications using Chromium (CEF), your application sends data to Google’s servers (at the URL update.googleapis.com). The request includes computer information (OS, Version) and other non-understandable data (see example request).
In the context of respecting the privacy of my end users as well as complying with the GDPR, using this component is risky and exposes you to legal action in EU countries.
Is it possible to disable this spyware?
Example query extracted via WireShark utility :
POST /service/update2/json?cup2key=11:tre3r54BdQPBJVRmP77LhLTUDuZMZgGkXAB9eU0D3uk&cup2hreq=6c0ecaa2b82153b3d82f1680bbe5147f601d93760e8062dd30a8716bfbc49f8a HTTP/1.1
Host: update.googleapis.com
Connection: keep-alive
Content-Length: 923
X-Goog-Update-AppId: oimompecagnajdejgnnjijobebaeigek
X-Goog-Update-Interactivity: bg
X-Goog-Update-Updater: chromium-101.0.4951.67
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36
Accept-Encoding: gzip, deflate
--
CONTENT POST
--
{
"request": {
"@os": "win",
"@updater": "chromium",
"acceptformat": "crx3",
"app": [
{
"appid": "oimompecagnajdejgnnjijobebaeigek",
"cohort": "1:1bk9:",
"cohorthint": "4.10.2557.0 for Chrome 95+",
"cohortname": "4.10.2557.0 for Chrome 95+",
"enabled": true,
"packages": {
"package": [
{
"fp": "1.b880ccaf1ce7fd85e6fe7b6846d54de8cc0ea2afd9865cdb444fb4c6db124d9d"
}
]
},
"ping": {
"ping_freshness": "{29069e9c-428a-40b1-a7c4-a1e8aae0a6e8}",
"rd": 6031
},
"updatecheck": {},
"version": "4.10.2557.0"
}
],
"arch": "x64",
"dedup": "cr",
"domainjoined": false,
"hw": {
"avx": true,
"physmemory": 32,
"sse": true,
"sse2": true,
"sse3": true,
"sse41": true,
"sse42": true,
"ssse3": true
},
"ismachine": false,
"lang": "fr",
"nacl_arch": "x86-64",
"os": {
"arch": "x86_64",
"platform": "Windows",
"version": "10.0.19045.3086"
},
"prodversion": "101.0.4951.67",
"protocol": "3.1",
"requestid": "{fb5ac651-f839-4524-8430-8b734fddf563}",
"sessionid": "{30aa909d-87ac-4363-ac5f-f8fee9bc990f}",
"updaterversion": "101.0.4951.67"
}
}