Zoom app on iPhone

Zoom app update aims to counter criticism of its privacy practices

Image credit: Dreamstime

Zoom has made a number of changes to its video conferencing platform focused around privacy and security after receiving criticism of its practices in recent weeks.

As part of its 5.0 update, the firm said it was adding support for AES 256-bit GCM encryption which will provide increased protection for meeting data and resistance against tampering.

It also features a clearer security icon to access the safety settings, a tool to report users and new password controls.

The video conferencing app, which has exploded in popularity since global lockdowns were imposed in the face of the coronavirus pandemic, has been under increased scrutiny in recent weeks. The number of regular users increased around 10 million to over 200 million as people attempted to work and study from home as well as stay in touch with friends and family.

It has been blamed for inadvertently leaking users’ personal information to other users and allowing hackers to steal users’ Windows login credentials.

It was even hit with a class action lawsuit in California for failing to safeguard its users’ personal information.

“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform,” said Zoom CEO Eric S Yuan.

A number of the features had been previously confirmed by the company after it pledged at the beginning of April to stop all product development to focus on improving security features.

“We take a holistic view of our users’ privacy and our platform’s security,” said Zoom chief product officer Oded Gal.

“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny.

“On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit.

“On the front end, I’m most excited about the security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and centre for our meeting hosts.

“With millions of new users, this will make sure they have instant access to important security controls in their meetings.”

Cyber-security expert Jonathan Knudsen, senior security strategist at Synopsys, said that although Zoom’s update still did not offer full end-to-end encryption as defined by industry experts, security within the app had undoubtedly improved.

“In Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture of Zoom, which does not fully implement end-to-end encryption,” he said.

“At the same time, given the recent intense scrutiny of Zoom’s infrastructure, the new changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality.”

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles