Bitdefender App Allowing Google to Collect Tracking Data?

Candlemaker

Why is the Bitdefender Android app allowing Google to collect information and data about us and our phones from its app?

According to the DuckDuckGo App Tracking Protection feature, the Bitdefender app has allowed Google to make 48 tracking attempts on my phone in the last hour, ranging from my device brand and GPS location, to my Android Advertising ID plus loads more…

Isn't Bitdefender meant to be the one app you trust completely to protect you from not only hackers and scammers, but your data being sold to big business for profit? Is that not why we pay big money for the services of these apps? So they don't have to scrounge around selling our data to stay afloat?? An app that doesn't charge a fee to use I understand, but not an app like Bitdefender where I'm paying a large subscription fee for.

I'd like an explanation from Bitdefender as to why their app has Google trackers in it, as I'm sure many others would also..

Flexx

https://community.bitdefender.com/en/discussion/102248/bitdefender-app-allowing-google-to-collect-tracking-data

The answer is simple: there is no app in the world that can promise to block every ad, tracker, or privacy-invading element. I am curious to know if you can, for information purposes, provide an app or tool that claims to block everything on the web regarding ads, trackers, or privacy-invading elements. Even the famous web browser extensions like uBlock Origin, AdBlock, AdBlock Plus, AdGuard, Ghostery, etc., which are solely built for this purpose, are also unable to block 100% of these things. In my personal experience, even when browsing the web using the DuckDuckGo search engine, some trackers still get through. While Bitdefender can block trackers to a certain extent, its primary function is to protect against malware and malicious/phishing links.

Regards

Candlemaker

Thanks for your comment Flexx. However my issue is not with Bitdefender stopping the tracking attempts. I understand that that is not the apps primary role. My issue is with what seems to be that the tracking attempts are originating from within the Bitdefender app itself. Ie DuckDuckGo App Tracking says that the actual Bitdefender app is harvesting these details for, or on behalf of Google, as can be seen in the screenshot attached. It specifically shows that DDG App Tracking has blocked the Bitdefender App from sending these details about my device and my details to Google services.

This is the issue. Bitdefender shouldn't be harvesting information from us through their app to supply to Google for whatever they decide to use this information for. It's the one app I give implicit trust to, that I expect protection from. Not having to protect myself from Bitdefender..

I'd simply like to know why the Bitdefender app has trackers in it at all? Why does it need to harvest detailed information on our phones to sell to Google, when we pay for their services?

Flexx

https://community.bitdefender.com/en/discussion/comment/346582#Comment_346582

Well, this is the first time I’ve seen or heard that the Bitdefender app has trackers inside the app itself. @Alexandru_BD, anything to say about this?

Regards

B. B.

I too would like to understand what the Bitdefender App is doing. My phone (DuckDuckGO) says that Adobe is collecting data through the Bitdefender App.

Alexandru_BD

Hello @Candlemaker,

While I don't have an official response yet, I will share my perspective with you.
I can understand why this may seem concerning, especially if you don't know all the facts. My personal opinion is that this data collection has to do with the app analytics and marketing purposes, as stated in the screenshot you have attached. Because you can't just release an app to the market and not evaluate how it's doing, can you?
But let's get something straight here. Bitdefender offers data security solutions and services. The company's goal is to ensure information and network security by providing quality solutions and services in these areas while also respecting privacy and personal data of customers, Internet users and business partners. This company is trusted by millions of people and companies worldwide and has various certifications, including information security policies that are ISO 27001 and SOC2 Type2 certified. And it's been around since 2001, this is not some shady startup, but a major player in the cybersecurity industry.

Bitdefender collects only that personal data absolutely necessary for the specified purposes, on a best efforts basis. They do not sell your data. For the collected information and data, adequate solutions to anonymize them are applied, or at least to pseudonymize them.

In this context, Bitdefender processes personal data for the following main purposes:

1. To ensure network and information security by:

• assuring correct and efficient operation of its solutions and services, according to the technical specifications, and for their improvement, including analyzing the reported IT security issues, delivering and customizing the related services to the user’s needs and developing new technologies;
• support or counseling services for its users of Bitdefender Home Solutions;
  2. To conclude and perform the contract with the user, including preliminary steps in this direction;
  1. To make statistical analysis and market studies;
  2. To perform marketing activities for Bitdefender's own needs.

The information is not "harvested" for anyone. Bitdefender may use other companies to process the collected personal data. These companies are considered data processors and have strict contractual obligations to keep the confidentiality of the processed data and to offer at least the same level of security as Bitdefender. Data processors have the obligation not to allow third parties to process personal data on behalf of Bitdefender and to access, use and/or keep the data secure and confidential.

I hope this gives everyone here peace of mind.

Regards,

Alex

B. B.

Thanks Alexandru.

So, my interpretation of your post is that in fact, Bitdefender does have Google collect all of this data, which by the way is massive. I understand that this is the type of data that Bitdefender could use to protect me and I assume that Bitdefender uses Google Web Services to do a lot of the processing. However, Bitdefender is asking me to trust Google, and Google has proven it is not trust worthy. They use every loophole they can to collect user data for their own purposes.

I think the key issue is "Would I trust a Google product to be my antivirus software and have complete access to my phone?". Absolutely not.

Then why would I trust them to process my data for Bitdefender?

Regards,

B. B.

Alexandru_BD

Hi @B. B.

I understand your perspective. But here's the thing: you are already using a product that runs a software that falls under the Google umbrella, since Android was purchased by Google back in 2005. Also, they have Google Play Protect. This automatically scans all of the apps on Android phones and works to prevent the installation of harmful apps. So, I assume some data collection might be necessary there as well, in order to scan the installed apps. But again, this has to be achieved in accordance with clear policies and guidelines and the data processing regulations in effect. Companies that collect data must adhere to various policies and regulations designed to protect data privacy and security. These regulations depend on the jurisdiction, type of data collected, and the industry. As such, data collection is regulated, and companies are subject to audits and inspections to ensure compliance.
Also, by "all of this data" I understand that you mean everything that DuckDuckGo mentions there, for example unique identifiers and other types of data, as it can be seen in the attached screenshot. However, it says there that the tracking app is "known to collect" that info, but that doesn't mean that it actually collects everything that is mentioned in that list.

Regards,

Alex

Candlemaker

Hi Alex,

Thank you for your perspective and for clarifying your points. While I understand the broader context of Google's role in the Android ecosystem and its data practices, there are a few aspects of your argument that I would like to discuss further.

1. Google’s Role and Data Collection
   While it is true that Android operates under the Google umbrella and that Google Play Protect scans for harmful apps, the assumption that data collection is always necessary for such functionality deserves closer scrutiny. Data collection can be minimised or anonymised to respect user privacy while achieving security goals. The concern here is not about Google’s role in managing Android but about whether specific apps, like Bitdefender, are embedding third-party trackers beyond their stated purpose. The issue of transparency and consent remains central.
2. Regulations and Compliance
   You rightly point out that companies are required to adhere to data protection regulations. However, compliance does not always guarantee ethical practices or full transparency. Regulators often rely on disclosures provided by companies themselves, and there have been instances where companies were found to have violated privacy laws despite claiming compliance. Hence, the existence of guidelines or audits should not preclude scrutiny of potential overreach in data collection.
3. Data Collection Scope
   Regarding your point on the "known to collect" information, I would argue that it is precisely the lack of clarity in such statements that fuels mistrust. If Bitdefender or any app does not collect all the data mentioned, it becomes their responsibility to clarify exactly what is collected and why. Generalised statements leave room for misinterpretation and suspicion, especially when trust is paramount in the security industry.

To summarize, while Google’s practices and regulatory frameworks provide a backdrop, they should not overshadow the specific concerns about third-party trackers in the Bitdefender app. Users entrust apps like Bitdefender with unparalleled access to their devices, and this trust warrants a higher standard of transparency and accountability.

Looking forward to your thoughts on these points.

Regards,
Candlemaker

Alexandru_BD

Hi Candlemaker and thank you for your detailed response.

Considering that the topic is beyond my knowledge regarding the exact data that the BMS application collects, as well as its exact purpose and the collection methods that ensure its proper functioning, I will have to redirect you to the relevant department that may answer your questions in more detail.
You may send a written request, dated and signed to privacy@bitdefender.com, elaborating on your concerns.

Thank you and best regards,

Alex

Candlemaker

Hi Alex,

Thank you for your reply and your reference.

I appreciate your input on this matter, and I shall redirect my questions to the relevant department referenced.

Again, thank you for your insight into this matter. I understand it is a complicated issue and involves many aspects.

I'm sure that Bitdefender has the best interests of its customers in mind, however I'm still concerned by the discovery of the information detailed within our discussion.

I shall post any further updates and information I receive from Bitdefender here in relation to this matter for all those that are also interested.

Best Regards,

Candlemaker