Why does the F-Secure Safe Browser default to sharing location information with Google?

katz
katz Posts: 16 Observer
edited May 2020 in Web Browsing

In Advanced settings -- Wesite settings -- there are default entries to share location data with google servers in the United States and in the UK. These seem like clear privacy concerns. This was the default configuration on application install.

Why is the default setting sharing location information with Google?

Also, please note that I cannot add any tags to this question. When I try to add the tag PRIVACY, it says No results and will not let me add anything.

Accepted Answer

Answers

  • Ukko
    Ukko Posts: 3,715 Superuser
    edited June 2020

    Hello,

    Sorry for my reply. I am only an F-Secure user (their home solutions).

    Why is the default setting sharing location information with Google?

    Perhaps, F-Secure SAFE browser with utilization default Android browser abilities for this layer / part (that is can be Google powered, for example). However, I am not sure about exact wording and maybe you can to point out what is certain concern there. Since google servers can be something integral. And 'Advanced settings -- Website settings', maybe, is somewhat shared across device browser core (what can be Google Chrome or something else as system browser functionality). In addition, there are F-Secure SAFE privacy terms ( https://www.f-secure.com/en/legal/privacy/consumer/safe ) and list of used SAFE permissions on android ( https://www.f-secure.com/en/legal/permissions/safe-for-android ).

    But maybe you could to try reach out their official Support channel (for example, web-chat):

    Also, please note that I cannot add any tags to this question. When I try to add the tag PRIVACY, it says No results and will not let me add anything.

    What about "tags" - actually, I can not to tag topics too (tried some months before). So, maybe it is platform trouble or browser limitations. What is your browser was during try? And were there some addons or so?

    Thanks!

  • Ukko
    Ukko Posts: 3,715 Superuser

    Hello,

    The duckduckgo browser does NOT install with location sharing turned on and does NOT share any information with google by default so therefore the information sharing is NOT a "with utilization default Android browser abilities for this layer" like it is for the F-Secure Safe Browser.

    Just some clarifications. :)

    It was not a statement, it was only my own unofficial understanding/thoughts (I am only an F-Secure user). Thus, maybe nothing is shared in fact; and maybe F-Secure SAFE Browser design for that layer is with another logic. Since I am not sure what you definitely found - I can not to think about something precisely.

    And concerned duckduckgo browser - did you mean that does not install with location sharing turned on and instead with 'off'-state? Or there is just impossible to rule it out by user? If so - what is a reason to be sure with absence of 'location sharing'?

    Although this is fairly easy to change (by going to 'Advanced settings -- Website settings' within the F-Secure Safe Browser using the cog wheel icon for Settings), it is NOT intuitive and I only found it because I checked every single configuration setting.

    Perhaps, I could not repeat it with my device. Or to understand what is your point about it. Or maybe your installation can be with more strict view of that layer (based on your own local legislation).

    My device (if browser used for some websites via Safe Browser) with two buttons: 'clear all data' or 'all locations permissions'. There also can be list of some websites. If your experience is also about this - how you can change it or what definitely you can change there?

    How I can to understand - this place is about websites that requested for / allowed to use your location. As some websites can to ask user's about his location and user can accept/allow or deny. And things like that (https://wiki.mozilla.org/Site-Specific_Preferences).

    At least, I can not to find what can be there "on" by default (and 'off' then).

    As for the tags issue with the comments for this customer support page

    If it is about this one page. Then, actually, this is Community. Mostly for users, but official F-Secure staff (Support, Teams, other) are pretty active too.

    This is kind of 'addition' to entire Customer Support facilities. And F-Secure Community is powered by third-party (good) framework, which can be with some bugs, of course. Usually, bugs are fixed sooner or later.

    Let's put that aside for now to focus on the main point above about why a security company with a long and storied history like F-Secure would provide a browser that installs with it's privacy options sharing information with Google and which is hidden in an obscure sub-section like "website settings". This should be remedied pronto.

    I could not comment such a conclusion, since I am not sure that this is definitely like that. Or that this is not somewhat 'obvious' or with knowledgeable user.

    What is certain privacy option there? And did you capture the traffic about data/servers? Or what is trigger of your assumption of sharing information with Google (when it is not expected to be so) and what is data to be shared?

    Did you mean that there were google domains listed? if so - maybe you allowed them to use your location during visit Google.com or Google.co.uk and as a result, there are listed there with an ability to revoke this permission.

    Actually, F-Secure SAFE Browser also with option to disable entire ability to ask location permission and deny any location requests from websites (geo-data).

    Anyway, if you are sure about trouble. And, of course, tone of your conclusion with critical shade (if it is like that) - then good to contact their Support official channel. For example, web-chat.

    that way - they could create a ticket about this.

    Thanks!

  • katz
    katz Posts: 16 Observer
    edited June 2020

    Forgive the acerbic tone. I am frustrated to find I must manually alter privacy settings to be private when installing a browser from a security company as I would have expected privacy to be the default with a fresh install on Android, and not something to dig through with obscure settings in poorly named subdirectories that by their name sound like they have nothing to do with privacy or security.

    The support link https://www.f-secure.com/en/home/support/contact in my location always shows the chat not available. I have not tried the phone support yet. This is the chat response from about 30 seconds ago.


    In any case, rather than trying to get F-Secure to change its browser product for Android devices, I decided to go with a proven browser known for privacy (duckduckgo for android and the duckduckgo plugin for firefox for windows) rather than try to secure a product that installs with privacy disabled. Instead, I will keep F-Secure for encryption and virus detection on my devices and laptops; those are after all the company's strengths and how the company built its stellar reputation for security. Data privacy and restricting sharing in this case is best left to DuckDuckGo in my humble end-user opinion on my equipment.

  • Ukko
    Ukko Posts: 3,715 Superuser
    edited June 2020

    Hello,

    Forgive the acerbic tone. I am frustrated to find I must manually alter privacy settings to be private when installing a browser from a security company as I would have expected privacy to be the default with a fresh install on Android, and not something to dig through with obscure settings in poorly named subdirectories that by their name sound like they have nothing to do with privacy or security.

    It is alright! And I perfectly understand the feeling of weirdness, if consider that there is really a terrible situation.

    But I just do not quite understand the specific side of the problem. Thus, I am trying to understand in order to express my opinion or to be horrified.

    Despite the fact the security and privacy are not always means something 'one' (and privacy browser can be not so safe; while safe browser can be not so privacy) - currently (and for companies like F-Secure) quite often both things (security and privacy) seen as something obligatory and important. So, I suppose that F-Secure SAFE Browser should be not only secure but with good privacy state by default.

    So, a browser from a security company indeed should be with suitable privacy settings as default. But still I am not sure what the mentioned privacy option/settings are, which is enabled by default or can be disabled manually. So, this is why I tried to perform further steps.

    I tried to restore my settings to default and, it seems, even in any other parts of the Settings - there is a quite normal default view.

    • Cookies are allowed (otherwise, browsing experience for not technical users can be a pain) with an ability to deny all of them (and option to delete stored cookies).
    • Websites are allowed to ask user's permission about location (Geo-data). So, user can to deny request from website/page. And, in addition, it is possible to disable it (deny all requests automatically at background) and to clear/delete all granted permissions to websites.
    • so, yeah from first there are listed google.com and google.co.uk under Advanced settings/Website settings. Fancy indeed. However, I am not sure that this is sharing actually. At least, it is only applied during visit that pages (as I can to understand how it works). So, if you do not want to use Google.com or Google.co.uk - all is like if they are not listed there. But when visited - maybe permission is not requested by webpage.

    So, it is strange indeed (why these entries there from default even if pages are not visited in fact; //later added: google.com visited actually at first launch - since it is home page//; However, maybe, there is a clear explanation of this). Since I tried it with beta solution - I will create a beta ticket about this point maybe. You could to try discuss it via their Support. Even if this situation is somewhat described under F-Secure Privacy Policy (https://www.f-secure.com/en/legal/privacy/consumer/safe).

    Maybe it is indeed something as 'pre-built' with system browser core/engine that can be used by F-Secure SAFE browser.

    The support link https://www.f-secure.com/en/home/support/contact in my location always shows the chat not available. I have not tried the phone support yet.

    I think it is better to keep trying to contact them via chat (or it also, maybe, can be escalated from this Community topic discussion later). Web-chat is not always accessible indeed. However, it should be available at some point (just occasionally glancing at the page). Also webchat can be blocked by script/adblockers (but in that case - all web-chat area should not visible probably).

    Offline state during working hours of chat can be also indicator that on current minute all Support agents are busy on chatting with some users. So, there is no free slot in query.

    In any case, rather than trying to get F-Secure to change its browser product for Android devices, I decided to go with a proven browser known for privacy (duckduckgo for android and the duckduckgo plugin for firefox for windows) rather than try to secure a product that installs with privacy disabled. Instead, I will keep F-Secure for encryption and virus detection on my devices and laptops; those are after all the company's strengths and how the company built its stellar reputation for security. Data privacy and restriction sharing in this case is best left to DuckDuckGo in my humble end-user opinion on my equipment.

    Good solution overall. :)

    However, I am not sure that "installs with privacy disabled" is a proper claim.

  • katz
    katz Posts: 16 Observer
    edited June 2020

    -------------------------------

    "But I just do not quite understand the specific side of the problem. Thus, I am trying to understand in order to express my opinion or to be horrified.

    ----------------------------

    Maybe some screen shots will help.

    First, here is what I see when I open F-Secure Safe on my Android phone...


    It says to use the SAFE BROWSER.

    So when I went to the SAFE BROWSER, here is what I found after digging through all the options...

    1] open the SAFE BROWSER and click on SETTINGS.

    2] then ADVANCED


    3] then WEBSITE


    4] Then you will see 2 google servers listed. Something like this:

    www.google.us

    www.google.co.uk

    I am not showing them here in the screenshot because I already deleted them.

    I had to do that because I cannot unistall the SAFE BROWSER without uninstalling F-SECURE from my Android phone!

    Quite unpleasant.

    Just to add to the unpleasantness of course www.google.com is the default homepage rather than a blank page or asking the user to set the default homepage. (Even when location sharing is OFF, google is known for pulling that information from Android phones with obscurely buried consent legal fine print in their app store. So to keep it off, the user would have to know to remove the google account from the phone after downloading from the app store and log in again every time they want to download a new app.)


    5] I manually deleted both by using the buttons at the bottom.



    Hope this helps.


    "Even if this situation is somewhat described under F-Secure Privacy Policy (https://www.f-secure.com/en/legal/privacy/consumer/safe)."

    Even if this is covered in the privacy policy, it does NOT mean it is acceptable to be forced to install a browser with a security product that by default on first installation shares location data and other phone data with ANYONE let alone a commercial company like Google known for multiple privacy and security scandals.

  • katz
    katz Posts: 16 Observer
    edited June 2020

    Why was my last comment regarding privacy problems and showing screenshots of the F-Secure SAFE BROWSER deleted???

    https://community.f-secure.com/en/discussion/comment/123307#Comment_123307



  • katz
    katz Posts: 16 Observer

    Seeing as my last comment was deleted I will post again. Hopefully this will clear up the confusion.

    Here is what I see when I open F-Secure SAFE.


    1] When I navigate and open the SAFE BROWSER and look at the settings, here is what I find.

    So I click on SETTINGS

    2] Then ADVANCED

    3] Then WEBSITES


    4] Then this is what I see, something like this...

    www.google.us

    www.google.co.uk

    So of course, I deleted them immediately because I CANNOT REMOVE the SAFE BROWSER without unistalling F-Secure from the Android phone.


    5] Using these 2 buttons at the bottom of the screen to remove both LOCATION and all OTHER data about my activity on the phone



    Hope this helps.

  • Ukko
    Ukko Posts: 3,715 Superuser
    edited June 2020

    Maybe some screen shots will help

    Yes, thanks for your huge efforts!

    I also discovered this moment by my own, about which I wrote further in a previous reply. For that - I restored default state of F-Secure SAFE application and both entries (domains) were there.

    I am not sure why they are there, actually. But perhaps this does not mean that SAFE Browser constantly communicates with Google servers.

    Both domains somewhere predefined to be there. So, I can to suspect that when user will open google.co.uk or google.com and if these Google pages will request user's location permission - then such a permission is already granted. However, I am not sure of that or how to properly check this. Sounds a bit as bogus entries. Since when I tried to visit google.co.uk - there was one another entry for domain.

    Anyway, I will try to reach support about some points around.

    // I did not find corresponded option with DuckDuckGo browser (maybe covered by all 'one-button' privacy tune ups). However, during general use of pages (google.com or google.co.uk or google.no) I did not feel any difference. Perhaps, I do not how to trigger location permission request from Google.

    Thanks!

  • katz
    katz Posts: 16 Observer

    "Even if this situation is somewhat described under F-Secure Privacy Policy (https://www.f-secure.com/en/legal/privacy/consumer/safe)."

    Even if this situation is covered in the privacy policy it does NOT mean it is ACCEPTABLE to share location and usage information by default on every install with a third party company much less a company like Google which has had numerous privacy violations and controversies.

  • katz
    katz Posts: 16 Observer

    ----------- "Both domains somewhere predefined to be there.........Anyway, I will try to reach support about some points around."

    Thank you yes.

    This is something that should be fixed pronto because sharing browsing and usage and location data with a third party company by default is surprising in a product that CANNOT be removed in order to use the security product. That is very disturbing.

    Most people do not know that on an Android phone, even if location data and sharing is turned OFF, that Google servers will still PULL THAT INFORMATION from the phone whenever that phone is logged in to download applications from the Google Play Store. So in order to keep location and other data private, the user would have to REMOVE the Google account from the phone after downloading an app from the store and then log in every time they want to use the Google Play store to update existing apps on their phones or download new applications.

  • Ukko
    Ukko Posts: 3,715 Superuser

    Even if this situation is covered in the privacy policy it does NOT mean it is ACCEPTABLE to share location and usage information by default on every install with a third party company much less a company like Google which has had numerous privacy violations and controversies.

    Of course, Privacy Policy or Terms can not break laws and so on. However, user should to read and accept Privacy Terms before 'first' use of application / software. And if something is strange/suspicious there - good to ask clarification about certain wording or to decline use.

    BUT

    it does NOT mean it is ACCEPTABLE to share location and usage information by default on every install with a third party company much less a company like Google which has had numerous privacy violations and controversies.

    I understand your point as a general concern. It is clear.

    However, I am not sure (yet) that this situation is about such a violence. In addition to my two previous replies (where I also discovered this troublepoint) - I can only to think that 'share location and usage information' is not occurred by default. But default settings may lead to this potentially (since unclear why google.co.uk and google.com listed there as with granted permission to location data; and what will be if user met situation when it should be requested on domains).

    And, basically, it should be concerned only data about this exact domain. So, 'sharing' Google.co.uk data with Google UK servers. But not all user's data or with 'any' server.

    Since it is Android (somewhat Linux-based), and even just because on my device I can not to uninstall Google Chrome (only to disable it, maybe) - I think that these entries can be bogus (inapplicable in fact) or unintentionally there since of re-use Android-system based generic browser core/engine or something like this. But this is only my unofficial speculation - I am only user.

    Thanks!

  • katz
    katz Posts: 16 Observer
    edited June 2020

    Yes. I think we agree now:

    --------

    "I can only to think that 'share location and usage information' is not occurred by default. But default settings may lead to this potentially (since unclear why google.co.uk and google.com listed there as with granted permission to location data; and what will be if user met situation when it should be requested on domains)."

    --------

    The default settings on the F-Secure SAFE browser are leading to sharing search information and location information.

  • Ukko
    Ukko Posts: 3,715 Superuser
    edited June 2020

    The default settings on the F-Secure SAFE browser are leading to sharing search information and location information.

    I did not research this field enough well, so my words are only my thoughts.

    We agree that there is a situation with two domains (as default entries) in the list of allowed to the location. And, in general, under list where websites' data stored.

    Visited at first launch (home page) - google.com; And not visited (or indirectly) visited google.co.uk; Both with picture/state that they are with access to 'geodata' (website with access to user's location; during use website).

    So, I am not sure about 'sharing search information' at all.

    Location information is not (somewhat) shared maybe too. But the potential situation is that if a user opens one of these two websites, and then for some reason the website needs to require access or permission to a geolocation, then it potentially will be provided by default (instead of a request, which the user can either approve or reject). But I do not know how to check it. Furthermore, maybe these two entries are bogus (inactive).

    Data itself (site-specific preferences) are stored on this settings place with an ability to clear it. So, I do not feel that there is a hint of sharing things like search information or data. Just stored. By default - nothing is stored (how I can to understand).

    Location information (access to location/geodata) can be granted to website. And if so - it will be listed there. So, since two entries there from default state with such 'access' - potentially it can be called 'sharing' location information. However, this is not constant 'sharing' (as can be with real privacy impact). Used for Google.com or Google.co.uk needs of location (to provide something specific for user based on this) only during website use. I am not sure how this affect real situation (I can not check now or find a way to check).

    Anyway, I think that these entries there are not for profit or bad intention. Maybe this is something unintentional or dictated by platform restrictions. Maybe even 'bug'.

    In terms of potential connection with other settings, this may be explained by next point: Google Search is default search engine (with the ability to switch to another from the list). Based on this article ( https://support.google.com/chrome/answer/142065 ):

    If you use Google as your default search engine on your phone, your location is used by default for your searches on Google.

    what can be mistakenly or unintentionally applied to F-Secure SAFE browser too.

    Thanks!

    // my device with disabled access to geodata/location on Android settings (so, maybe this is why I did not feel difference which described in previous replies).

  • katz
    katz Posts: 16 Observer

    Thanks for all of the replies.

    No, I do not have Google as my default search engine on the Android phone. I have been using duckduckgo as the default search engine and of course have recently installed their browser per all the discussion above.

    Yes, by default BOTH the "Website" and the "Location" data are being transmitted to the google servers in the us and uk when the F-Secure SAFE Browser is being used as those are listed by default under "Website Settings" on a clean installation of the SAFE Browser that is bundled F-Secure application on the Android phone.

    --------"So, since two entries there from default state with such 'access' - potentially it can be called 'sharing' location information. However, this is not constant 'sharing' (as can be with real privacy impact). Used for Google.com or Google.co.uk needs of location (to provide something specific for user based on this) only during website use. I am not sure how this affect real situation (I can not check now or find a way to check). "

    I am not sure how to check whether this is NOT constant sharing for EITHER the website data OR the location data. My devices have location sharing turned OFF before I installed anything from F-Secure, but this would NOT affect the website data sharing and I have no idea if this would stop the location data sharing. As you said, we are mere users and we are not the company's developers so we have no idea. In any case, this was all too much of a headache to try to fix an application which by default lists google servers as having website and location data sharing, so I simply moved to a browser known in the industry for privacy.

    Again, thanks so much for all the replies.

  • katz
    katz Posts: 16 Observer
    edited June 2020

    Thank you for all the replies.

    ----------So, since two entries there from default state with such 'access' - potentially it can be called 'sharing' location information. However, this is not constant 'sharing' (as can be with real privacy impact). Used for Google.com or Google.co.uk needs of location (to provide something specific for user based on this) only during website use. I am not sure how this affect real situation (I can not check now or find a way to check). ---------------

    As you said, we are mere end users so we CANNOT KNOW whether the sharing is constant or not.

    All my devices had location sharing off and did not have Google as the default search engine and did not have chrome installed. I was using firefox until I ended up downloading the duckduckgo browser per all the discussion above.

    On a clean install, both of these google servers were collecting BOTH "website data" and "location data" per the screenshots above. I cannot know if having the location services toggled off on the devices stopped the sharing of this data from the application with the google servers listed on the website settings whenever those servers were visited or somehow part of a web page loaded onto the SAFE browser from F-Secure. Also, having the location services off does not necessarily mean that the "website data" for those two Google servers was private either. We cannot know as again, we are mere end users and not the developer of the product.

    I am sure none of this was malicious. I am sure it was just a ridiculously silly and frustrating privacy mishap. However, be that as it may, the company really needs to clean that up considering they are after all a security company and the application they are providing is such an integral part of the security software on the Android phone that the browser CANNOT be removed from the phone without also removing the security software.

    Again, thanks for all the work on this.

  • Ukko
    Ukko Posts: 3,715 Superuser

    As you said, we are mere end users so we CANNOT KNOW whether the sharing is constant or not.

    This is definitely not constant sharing. Since (as for my understanding) it is not how functionality works. This settings/feature (granting access to location for website), perhaps, with certain form and standards: how browsers should and websites should handle it (or 'application'). For example, if website with access to location (geodata) after request - then there can be customized results on the page when user browsing / interacted with website (maybe nice thing when used for good). Otherwise, we cannot know even about any browser (DuckDuckGo or many other alternatives. I am also with multiple browsers on my device). Only if to capture traffic/communication of application.

    and did not have Google as the default search engine

    F-Secure SAFE Browser with. However, I am not sure that my mentioned article and quote should apply for this circumstances. But it was just as potential explanation why two entries can be there 'unexpectedly/unintentionally' or mistakenly as a bug (for example). Another explanation is something special for functioning (but for me - it is unclear which way / how it should be default).

    On a clean install, both of these google servers were collecting BOTH "website data" and "location data" per the screenshots above

    With my experience and understanding - website data was not stored (otherwise it should be with visible 'size' of stored data - that was not a case with my try). And, actually, Google.co.uk should store its own data  \ Google.com store its own data. Perhaps, both information are stored locally within browser functioning (as part of other things like cookies). Meanings: when user access these websites - his 'preferences' are applied from browser's settings.

    But I do not know what is 'data' there; And whether how it can be shared (basically, this 'data' is stored and dedicated to this website - so 'sharing' is expected).

    Also, granted location to website is used within website only (this is not something that application have uniquely; or even did not have). Trouble that is more visible for me - two entries were with 'allowed' access to location (perhaps, should not be like that).

    We cannot know as again, we are mere end users and not the developer of the product.

    Yeah, that is why I feel that to contact Support is somewhat useful.

  • Jaims
    Jaims Posts: 846 Former F-Secure Employee

    Hi @katz

    Thank you for raising this issue and we completely understand the level of concern when it pertains to privacy matters.

    There are situations in which this access is justified. F-Secure SAFE has a Phone Finder feature and if you had clicked Allow to "Allow F-Secure SAFE to access device's location?" during the installation, you possibly had enabled this feature. Also, Google will inform you that they use your location to help show the most relevant search results, however, users still have the ultimate choice. 

    About your deleted comment, we are truly sorry to know that you did not perform this task but I can see from the backend that the deletion was done with your username. We will liaise with the relevant team to investigate this immediately and rectify it as soon as possible. As you may know, we are still transitioning into this new platform, so this could possibly be a bug.

    Kindly note that our Live Chat Support runs 24/7 and the signpost depicts agents' availability so you may need to wait until you get connected with the next available agent.

  • katz
    katz Posts: 16 Observer

    Hi and thank you for the followup.

    ---------------"There are situations in which this access is justified. F-Secure SAFE has a Phone Finder feature and if you had clicked Allow to "Allow F-Secure SAFE to access device's location?" during the installation, you possibly had enabled this feature."

    I am not sure what the situations are, for which this access is justified. Nevertheless, all my "phone finder features" are turned off as I do not warrant the possible future threat of losing my phone equal to the daily broadcast of my location information to Google to monetize my consumer behavior and track me to every store I go to with my phone.

    Because I have done this, although F-Secure is running on my phone, I cannot access the application because F-Secure REQUIRES location permissions in order to use the application interface. So I only enable it briefly when I need to change something or look at the status and then I disable it and cannot access the application because I get the screen below. Please see the screenshot below. As you can see, this is NOT optional - a security product to scan viruses on my phone demands to know my location. This is clearly ridiculous and for the gullible.

    Also, making location information MANDATORY is disappointing coming from a security company like F-Secure with a long and storied history of security. Clearly, although security is the product being sold, privacy is not high on the list of goals for the company. This makes me wonder if that location information is being shared with third party companies like Google or others, which, for me as an end-user, is an unsettling thought when installing and using security software.



    --------------- "About your deleted comment, we are truly sorry to know that you did not perform this task but I can see from the backend that the deletion was done with your username. We will liaise with the relevant team to investigate this immediately and rectify it as soon as possible. As you may know, we are still transitioning into this new platform, so this could possibly be a bug."

    Thank you for looking into this. This happened again after the post above and near as I can tell, it happens when I try to edit a previous comment within a minute after I have posted it. Perhaps this is happening because I am editing too quickly? Unsure what the root cause of this behavior is but it is annoying and almost deterred me from continuing further because typing all this twice is a pain. Better to just remove the edit button and let the typos stand.


    -------------------------- "Kindly note that our Live Chat Support runs 24/7 and the signpost depicts agents' availability so you may need to wait until you get connected with the next available agent."

    Thank you for thinking that. However, no matter how long I wait, I have not been able to get an agent thus far.

  • katz
    katz Posts: 16 Observer

    p.s. I know there is a ton of money to be made by any company willing to sell location data to stores so that they can sell us more products, but consumers are simply turning off the location permissions for all their applications when they leave home anyway. It might be a more honest corporate model to simply charge more for the product rather than try to get more profit by selling the location and website information to third party companies. Especially ones like Google which have a long and storied history of privacy scandals and violations.

  • Jaims
    Jaims Posts: 846 Former F-Secure Employee

    Hi @katz

    Thank you for your observation, patience and understanding.

    Your concern has been conveyed to relevant team who have began immediate investigation and possible overhauling but the final decision is subject to their recommendation in accordance with F-Secure Privacy Statement. F-Secure uses Google maps in our device location and search feature so default settings has this feature turned On on SAFE browser. However, it can be disabled from the browser's Settings > Privacy & Security > Location where you can see box to disable Location options. We were able to reproduce the exact issue on default Android browsers which means, this is the default settings on all Android devices and since F-Secure SAFE browser uses the default settings, it was only pertinent so see that feature turned on but we are reviewing this.

    One thing is certain , if the application does not have the location permission enabled, location access will be disabled on browser and no request on location permission will be asked. There is also a need to verify if this would undermine the performance of the Phone Finder which is one of the features on F-Secure SAFE, but like I mentioned, the ultimate decision still lies in the hand of the user.

    Regarding the deleted post, as you might already know that this is a new platform and we are open to making changes to some rules as we progress, as at the time of your post which was automatically deleted, there's a limit to how many discussions, comments, private messages, and replies to private messages that a user can create within a time period. It appears your comments were posted too rapidly and within a very short time frame which prompted the system to auto remove them but you will be seeing them again as it as been returned to the board.

    As mentioned, our Live Chat support is available 24/7 but the signpost will be unavailable once all agents are occupied with other customers. We truly appreciate your time and patience so you may want to check back at a latter time if you have waited too long. Please remember to refresh the page from time-to-time. We have other channels such as Call Support and the Community to reach out to us anytime you have any concern.

  • katz
    katz Posts: 16 Observer

    Hi Jaims, Thank you for the follow up on all of this. Appreciate it.

    Thank you also for conveying these concerns to the relevant team to review these privacy issues.

    I am both relieved that the team is looking at it and mildly surprised it took all this to surface privacy as a concern for the behavior of the product.

    I understand your instructions about disabling location permissions in your reply.

    ---------------------

    " However, it can be disabled from the browser's Settings > Privacy & Security > Location where you can see box to disable Location options."

    ------------------------

    Please understand however that using the procedure above to turn OFF location on my Android device means that, although F-Secure is running on my phone, I cannot access the application because F-Secure requires location permissions to see the application interface. So I only enable location permissions briefly when I need to change something or look at the status and then I disable it and cannot access the application interface because I get the screen below whenever LOCATION IS TURNED OFF.

    In other words, the product will NOT display the main screen on my Android device even though it is running in the background because it makes ENABLING LOCATION MANDATORY to see the product main screen.

    This disappointing coming from a security company like F-Secure with a solid security reputation.

    I hope when the relevant team is reviewing the google servers allowed to access website and location data, that the team with ALSO review and revise the application to stop demanding LOCATION permissions be turned on to view the status of the main panel.

    Thanks again.

    As a side note, I do not keep any of my Android devices logged in to Google servers unless I am at home and updating applications on my devices over wifi. Most people do not know that on an Android phone, even if location data and sharing is turned OFF, that Google servers will still pull that information from the device whenever it is logged in to download applications or updates from the Google Play Store. To stop this, the user would have to remove the Google account from the device after downloading an app from the Google Play Store and then log in every time they want to use the Google Play store to update existing apps on their phones or download new applications. This is why I remove the Google account from my devices until I need them. I do not want third parties like Google monetizing my shopping habits every time I walk into my local shopping mall. For me as an end-user, it is an unsettling thought when installing and using security software from a company like F-Secure to think that my location information is being monetized and sold to third parties because the F-Secure Safe antivirus software for Android makes location permissions mandatory in order to view the application GUI main screen.

This discussion has been closed.
Feedback on New Design