Closed Bug 1611835 Opened 5 years ago Closed 5 years ago

Avast/AVG add-ons are malicious and should be removed from AMO

Categories

(addons.mozilla.org :: Security, defect, P1)

Product:
addons.mozilla.org
Component:
Security
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: MatsPalmgren_bugz, Unassigned)

Details

There are reports that Avast/AVG add-ons are collecting and selling user data without user consent. This violates the GDPR in EU and is thus illegal there.
https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

Meanwhile, AMO is distributing two add-ons from Avast:
https://addons.mozilla.org/en-US/firefox/addon/avast-online-security/
https://addons.mozilla.org/en-US/firefox/addon/avast-safeprice/
and one from AVG:
https://addons.mozilla.org/en-US/firefox/addon/avg-online-security/

Mozilla should:

  1. remove these add-ons from AMO
  2. ban these vendors from uploading new add-ons/extensions
  3. ship a hotfix to forcefully disable and/or remove these add-ons for all users (or at a minimum, for users in regions where privacy laws makes these practices illegal)

BTW, bug 1496100 is a one-year old report that Avast is also hijacking search, without any action (or even a response) from us. I'm disappointed to see our lax attitude against malicious actors like Avast.
Distributing these add-ons are harmful to Mozilla's reputation as standing up for user privacy and security.

The developer has worked with the add-on review team to address the issues. The new versions of the add-ons are in compliance with Mozilla's add-on policies.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

Repeatedly betraying the trust of millions of users and blatantly breaking the law should earn a vendor a lifetime ban, IMHO. I'm disappointed that we still think it's OK to distribute add-ons from Avast/AVG.

You need to log in before you can comment on or make changes to this bug.