
Bing Wallpaper app, now in Windows Store, accused of cookie shenanigans

Microsoft free tool snooping on users? Surely not!


If you've been tempted to download the Bing Wallpaper app to spice up your Windows 11 desktop backgrounds, you may want to think twice.

The Bing Wallpaper app - itself not a new product - was recently added to the Microsoft Store for simpler download and installation. Going on a gut feeling to investigate it when the app appeared on the store, Rafael Rivera discovered a heap of concerning capabilities that he said on X essentially make it a piece of Microsoft-developed "malware." 

"Who makes a dedicated wallpaper app these days?" Rivera posited to The Register in response to questions about his findings, which answer the question for him.

"That [question] led me to take a look using basic tools, such as ILSpy for code decompilation and Windows Sandbox for testing and observation," Rivera said. "The code revealed concerning capabilities." 

According to the self-identified Microsoft MVP alum, the Bing Wallpaper app includes undocumented features that enable it to alter Chrome browser extension preferences, and decrypt and read "all major browser cookies for user tracking purposes." It can also display user prompts with configurable timing to reduce annoyance, utilize encrypted configuration storage, and detect or intercept browser launches "to promote extensions and launch arbitrary URLs" that prompt users to switch to Bing and Edge inside their default browser.

In his thread on X, Rivera noted that the app also installs Bing Visual Search on host PCs without asking users.

"I've only scratched the surface," Rivera told us. "A full audit would be quite time-intensive and isn't where I want to focus my energy."

Feel free to audit it yourself, of course - but ESET already considers it a potentially unwanted program, if that helps gauge how far Bing Wallpaper can be trusted.

Microsoft denies decrypting all cookies

When asked to disprove Rivera's claims, Microsoft assured us that "the Bing Wallpaper app does not peruse and decrypt all [emphasis added] user Edge and Chrome cookies," a distinction Rivera dismissed as "splitting hairs" - and notably, Redmond doesn't mention Firefox.

"The app locates where Google Chrome, Microsoft Edge, and Mozilla Firefox store their cookies, queries for cookies with names they are interested in (such as MUID), retrieves their encrypted content, and then proceeds to decrypt them, all without user intervention," Rivera said in response to Microsoft's claims. "The cookie values then appear to get sent to or are used by Microsoft."

Microsoft further noted that the app performs a Bing cookie check to avoid repeatedly offering users the Bing app if it's already installed, but didn't otherwise address the app's handling of cookies. 
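For defenders who want to check for the behavior Rivera describes, the sketch below (an added example, not code from Rivera, Microsoft or The Register) flags any process that opens a browser cookie database it does not own, and singles out processes that touch more than one browser's store. The `image|path` record format, the sample records and the name `wallpaper_helper.exe` are constructed for illustration.

```python
import re
from collections import defaultdict

# Cookie database locations for the three browsers named in the article,
# paired with the executable that legitimately owns each store.
COOKIE_STORES = [
    ("chrome",  re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I), "chrome.exe"),
    ("edge",    re.compile(r"\\Microsoft\\Edge\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I), "msedge.exe"),
    ("firefox", re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$", re.I), "firefox.exe"),
]

# Constructed sample records, "process image|file opened" (format is an assumption).
SAMPLE_EVENTS = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
C:\Users\alice\AppData\Local\Example\wallpaper_helper.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
C:\Users\alice\AppData\Local\Example\wallpaper_helper.exe|C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
C:\Users\alice\AppData\Local\Example\wallpaper_helper.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\cookies.sqlite
C:\Program Files\Mozilla Firefox\firefox.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\cookies.sqlite
C:\Tools\backup.exe|C:\Users\alice\Documents\notes.txt
""".strip().splitlines()


def foreign_cookie_access(lines):
    """Return {process image: sorted browsers whose cookie store it opened}
    for every process that is not the browser owning that store."""
    hits = defaultdict(set)
    for line in lines:
        image, _, path = line.partition("|")
        exe = image.rsplit("\\", 1)[-1].lower()
        for browser, pattern, owner in COOKIE_STORES:
            if pattern.search(path) and exe != owner:
                hits[image].add(browser)
    return {image: sorted(b) for image, b in hits.items()}


def cross_browser_readers(lines, threshold=2):
    """Processes touching cookie stores of `threshold` or more browsers."""
    return [p for p, b in foreign_cookie_access(lines).items() if len(b) >= threshold]


if __name__ == "__main__":
    for proc, browsers in foreign_cookie_access(SAMPLE_EVENTS).items():
        print(proc, "->", ", ".join(browsers))
```

Matching the owner by file name alone is easy to spoof, so a production rule should also compare the full image path or the code signer.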

Redmond also told us that the Bing Wallpaper app isn't new, and the version added to the Microsoft Store didn't include any new functionality or changes from previous versions. 

Rivera noted that Bing Wallpaper is distributed through multiple channels and in various forms that include the ability for it to be remotely reconfigured. "It's not immediately clear, or documented, which configurations do and do not offer/install certain features," he told us. 

In short, you might want to take a pass on installing this one. It's another in a long line of questionable data-gathering practices by Microsoft that show no sign of slowing down - after all, if the app is free, the company will surely seek some way to monetize it.

"What I find deeply troubling is Microsoft's willing development and distribution of what is essentially malware," Rivera said. "It's heartbreaking to see one of my favorite tech giants deliberately create software that undermines user privacy and autonomy." ®
