Introduction

Microsoft’s Bing Wallpaper app, designed to deliver daily, high-resolution Bing images to Windows 11 desktops, has recently come under scrutiny. While it markets itself as a free way to enhance desktop aesthetics, investigations reveal that it potentially engages in invasive behaviors that go far beyond wallpaper customization.

What’s Happening?

Users and developers have reported that the Bing Wallpaper app not only provides stunning wallpapers but also reportedly decrypts browser cookies from Edge, Chrome, and Firefox without clear user consent or disclosure. This enables the app to gather sensitive browsing data and behaviors.

Moreover, the app aggressively promotes Bing and Microsoft Edge by persistently nudging users to set these as their default search engine and browser. For Chrome users, it even pushes a Bing Search extension, shifting default search preferences silently. The app operates background processes — notably one named “BGAUpsell” — that manipulate browser behavior and open promotional tabs.

Technical Details

  • Cookie Decryption: The app accesses and decrypts Chrome and other browser cookies, which contain personal data such as login credentials, browsing history, and user preferences.
  • Background Operations: Performs ‘Bing cookie checks’ to assess whether Bing is already present and pushes users to adopt Bing search and Edge browser if it is not.
  • Bing Visual Search Integration: Installs Bing Visual Search without explicit user approval, embedding Bing search features system-wide.
  • Persistent Nudging: Push notifications continually prompt the user to switch to Bing and Edge as default choices.
  • Geolocation API Use: The app includes geolocation web APIs, hinting at location tracking capabilities.

Background and Context

Microsoft has a long history of integrating and pushing its own services, such as Edge and Bing, within its Windows ecosystem. Historically, users have faced challenges when trying to switch browsers or search engines away from Microsoft defaults. Following EU regulations, Windows 11 improved the ease of browser switching, but aggressive nudges and pop-ups remain commonplace.

The Bing Wallpaper app appears to represent a new phase in this approach, leveraging an ostensibly benign and free application to promote Microsoft’s ecosystem while potentially compromising user privacy.

Implications and Impact

  • Privacy Concerns: Users’ browsing data could be exposed due to non-transparent cookie decryption, raising serious privacy and ethical questions.
  • User Autonomy: Persistent prompts and hidden installations reduce user control, veering into manipulative territory akin to malware.
  • Trust and Reputation: Microsoft's image faces risks as these tactics may erode user trust in its software ecosystem.
  • Security Risks: Unauthorized access to cookies and forced extension installations may create vulnerabilities exploitable by malicious actors.

Community and Expert Reactions

Privacy advocates and developers have voiced alarm, likening the app’s behaviors to malware or adware. Developer Rafael Rivera has been particularly vocal, exploring the app’s internals and calling Microsoft’s approach “malicious.” Discussions within user communities highlight backlash, with many recommending uninstalling the app and using alternatives like Windows Spotlight.

What Users Can Do

  • Consider uninstalling the Bing Wallpaper app if installed.
  • Be vigilant about browser extensions pushed by the app and remove any unauthorized ones.
  • Use built-in Windows Spotlight for dynamic wallpapers without intrusive behaviors.

Microsoft’s Position

Microsoft has denied decrypting "all cookies," though specifics remain vague. The company emphasizes Bing Wallpaper as a free, convenient wallpaper solution but has not thoroughly addressed the privacy concerns raised.

Conclusion

The Bing Wallpaper app exemplifies the tension between providing free, useful features and respecting user privacy and autonomy. While adding dynamic wallpapers is attractive, users must weigh the hidden costs relating to privacy and aggressive marketing nudges that may undermine their control over their own systems. As in the wider digital world, if an app is free, users should consider what the true cost might be.