A recent tweet from Kelly Shortridge at cybersecurity startup SecurityScorecard recently stirred the privacy hornet’s nest regarding Google’s Chrome browser. She’s referring to Chrome Cleanup, a component in the browser dating back to 2014 designed to scan and remove malware and bloatware that could compromise Chrome’s performance. But given the recent Facebook scandal involving Cambridge Analytica, privacy advocates are now on red alert.
In its early days, Google’s Software Removal Tool was a downloadable component to remove junk software that could cause issues with Chrome, such as the Ask Toolbar. It’s still available as a download now dubbed as the Chrome Cleanup Tool, but the company decided to overhaul this tool and inject it directly into the browser itself in October 2017, renaming it to Chrome Cleanup.
“Sometimes when you download software or other content, it might bundle unwanted software as part of the installation process without you knowing,” the company said at the time. “That’s why on Chrome for Windows, the Chrome Cleanup feature alerts people when it detects unwanted software and offers a quick way to remove the software and return Chrome to its default settings.”
Chrome Cleanup is based on detection technology provided by IT security company ESET combined with Google’s sandbox technology designed for Chrome. It’s not meant to replace your current anti-virus program, but merely detects and removes software that violates Google’s unwanted software policy. That policy applies to software deemed deceptive, piggybacks on the installation of another program, affects the user’s system in “unexpected ways,” and so on.
The built-in version of Chrome Cleanup resides under Settings > Advanced > Reset and clean up > Clean up computer. Click on the arrow, and a new screen appears with a tool for scanning and removing harmful software. Chrome supposedly does this automatically, but you can manually scan for harmful software for better peace of mind. You can also opt out of Google’s reporting component if you feel that the company is just a little too creepy with this PC-scanning tool.
The problem with Chrome Cleanup is that users have no way of turning it off. One Chrome user points out a solid complaint: The browser should not have the ability to scan the PC without explicit user consent. Windows 10 users can turn off Windows Defender. Why not Chrome Cleanup? Even more, why is it scanning the Documents folder?
Google’s Justin Schuh spoke out against the recent privacy concerns over Chrome Cleanup, stating that it isn’t a system-wide scan or filter. It runs for up to 15 minutes in the background once a week using normal user privileges to scan browser hijacking points that could redirect the browser elsewhere.
“The Chrome Cleanup Tool is not a general purpose AV,” he says. “The CCT’s sole purpose is to detect and remove unwanted software manipulating Chrome. The engine is a heavily sandboxed subset of ESET. Every cleanup action requires an explicit user approval.”
He said the team is currently investigating more options to opt-out of Chrome Cleanup, but “that balances against the potential for abuse.”