New Google Chrome update has a dangerous idle detection feature that will track system usage in detail

Despite the disagreement of companies such as Apple and Mozilla, Google security teams released the Chrome 94 update for Android devices and desktops, which includes an inactivity detection API. The Chrome update includes other features described on Google’s official platforms.

This feature, known as IdleDetection has generated controversy because it is designed for multi-user applications, such as video calling, chat and online gaming platforms. The feature will notify the web application when a user is idle, using signals such as mouse and keyboard inactivity, screen lock, or changing users in running an application.

The feature is considered intrusive because the events detected by IdleDetection occur outside the browser, although Google defended the measure: “These kinds of applications require global signals about user activity, more than those provided by existing mechanisms,” the report on the launch states. Developers from Slack and Google Chat and others were also in favor of implementing the API.

As mentioned at the outset, Mozilla was against implementing the API: “We consider Idle Detection to be too tempting an opportunity for financially motivated websites to collect information in bulk, keeping detailed records of users’ online activities,” says Tantek Çelik, Mozilla’s web standards leader.

Apple’s Ryosuke Niwa said, “Our concerns are not limited to recording information. In terms of privacy, the API allows a website to observe whether a person is close to the device or not. This could be used, for example, to mine cryptocurrency when the user is not around or begins to implement security vulnerabilities, among other malicious scenarios.”

The stance of these companies was clear, although Google implemented the API anyway after a couple of weeks of testing in Chrome. It should be clarified that this feature is subject to the user’s permission, which can be found in chrome 94 settings. Users can specify whether or not sites can collect this activity information, although experts fear this is not enough to mitigate security risks.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.