FTC won’t stop Lenovo and others from selling adware-infected hardware

Lenovo Flex 2 15 touch

In a court settlement, the United States Federal Trade Commission (FTC) has made it clear that it won’t stop Lenovo and other tech companies from shipping electronics with preinstalled adware. It will enforce a new measure of transparency, however, which will require any companies that do so to make it clear to customers what is being installed and that it needs their consent to continue.

This settlement stems from a 2015 incident in which Lenovo laptops were found to contain a piece of adware called VisualDiscovery, developed by Superfish. The adware would hijack encrypted web sessions to serve adverts and gather user data. While that was problematic in its own right, it also made users vulnerable to man-in-the-middle attacks.

Although Lenovo has since stopped preinstalling VisualDiscovery, the eventual result of the FTC complaint won’t stop it from doing so in the future. What it will do is force the Chinese manufacturer to submit to audits of its preinstalled software. It will also need to help customers understand in a “clear and conspicuous” manner, so they can opt out of installing any such software. Giving consent for its installation must be easy to do and understandable for “ordinary consumers.”

Lenovo has disagreed with the allegations from the start and denies all wrongdoing as part of the settlement. It also highlighted that it removed VisualDiscovery after “learning of the issues, in early 2015” and announced a policy of reducing the number of third party programs preinstalled on its systems after this incident.

While there are some concerns that the ruling doesn’t prevent Lenovo from requiring installation for full use of its hardware, it does at least mean that everyone who buys from the company will know what they’re getting into. Likewise, Lenovo will find it much harder to install anything nefarious or malicious if its third-party software is subject to audits on occasion too.

Even if the company’s statement doesn’t reflect much wrongdoing in this instance, shortly after the initial incident, the CTO of Lenovo publicly apologized and made it clear that the company had made a mistake. Whether it learns from it now that it’s had its wrist slapped is anyone’s guess.