We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.

Coronavirus Read our latest advice

Avast admits to ‘unacceptable’ sharing of user data: what you need to know

Free software from popular antivirus provider Avast was found to be sharing personal information collected from user devices: find out how it affects you

Avast admits to ‘unacceptable’ sharing of user data: what you need to know

Evidence came to light from news website VICE this week that Avast, a popular supplier of paid and free antivirus software, has been sharing ‘de-identified’ personal user information collected from devices with a subsidiary called Jumpshot.

Jumpshot then shared data, which included users’ clicks and movements online, with companies that included Google, Microsoft and Pepsi.

Avast has since announced that it is terminating its data provision through Jumpshot, but confirmed that the core function of its software – the security side – will continue to work as normal.

Should I be concerned about my data?

Data sharing, to one degree or another, is a common by-product of free software. If you use a web browser and have cookies enabled, your data is being shared with numerous third-parties with every site you visit. Advertising companies pride themselves on being able to create an anonymous profile of your likes and dislikes to serve you better ads. If you have a Google account, you can see for yourself the information Google believes you want to see adverts about.

In the case of antivirus sellers, some data is essential to help it track threats and build better protection, and ultimately to enable it to provide free protection for its users.

What appears to have got Avast into hot water here is that it overstepped the line when it came to this data collection. It would not be outlandish for a user to believe that a piece of software marketed for its security and privacy would do its utmost to minimise the amount of data collected and shared from users, in particular web browsing data, simply for money-making purposes.

 

Avast owns AVG, which is also known for its free antivirus product. AVG so far has not been implicated in the data-sharing controversy.

For its part, Avast said that its Jumpshot data collection was GDPR compliant. However, simply being compliant did not prevent the company deciding that the data collection was in fact not in line with its business aims.

An Avast spokesperson told Which?:

‘Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. For this reason, Avast has decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect. With the ever-changing nature of threats to users online today and in the future, Avast is now focused on innovating to enhance its products for the benefit of our users and the protection of their privacy.’

The spokesperson added that the only data sent from Avast Free going forwards would be for ‘provisioning’ – checking files and links to see whether they are safe. In this way, Avast is no different to any other piece of security software, and works best when it has an internet connection.

Should I remove Avast software from my computer?

If you’re using Avast, there’s no reason to panic or remove the software from your computer. The data collection in use here was present in the free version of Avast for both Windows and Android, but not on Mac. You can check to see if it was already enabled by looking in the Privacy settings portion of the program on your computer or app on your phone, and you can switch it off from there, too. However, Avast has confirmed that Jumpshot is no longer being used to collect user data in this fashion, and that the change will not affect its ability to provide its security services.

Which? takes data privacy from companies seriously and will be further investigating these issues across the security software industry so that consumers can be assured and informed about how their data is being used.

Can I prevent my data being shared by other antivirus software?

All software is different, but if you clicked hurriedly through various terms and conditions when you downloaded and installed your antivirus software of choice, you probably agreed to various levels of data collection.

First, check the app itself. Head to the settings menu and look for options relating to privacy or data. Scan all the menus to see what you’re opted into. Things like ‘telemetry’ and other security-critical data collection is lower risk, and the latter is essential for your software to be effective. But if you find a tickbox that allows for the sharing of data to third-parties for advertising purposes, you should be able to turn this off yourself.

The second step is to look at any browser add-ons supplied by your antivirus software. Shopping and anti-phishing add-ons may collect browsing data and pass it on for advertising purposes. In your browser, look for ‘extensions’ or ‘add-ons’ and find ones relating to your security software. If you have the ability to turn off data collection — or if you don’t use the extension — remove it entirely. It might even speed up your browser.

See the screenshots below on how to access your privacy settings in Avast for Windows. You can find more information on the Avast support website.

Back to top
Back to top