Potential privacy issue discovered on the Microsoft Store

Nov 6, 2018 10:10 GMT  ·  By

While Microsoft has become one of the main privacy advocates of its users regardless of the country they live in, the company still needs to improve its products here and here.

A recent privacy concern is aimed at the way the Microsoft Store handles data of local accounts, as it was discovered that certain information might be exposed even after a full re-install of Windows 10.

The operating system can be used with either a local account or a Microsoft account. In both cases, Microsoft allows users to access the Microsoft Store, download, install, and update apps.

Details about every installation is stored in a so-called app history screen which technically makes it possible for users to access it at a later time. While the logs of users with Microsoft accounts are tied to their account information, for local users the data seems to be linked to the hardware ID of the device.

Users can’t delete the stored data

As noted by ghacks, this is where the problem arises. The app history page for local accounts isn’t removed, not even when performing a full reinstall of the operating system, and it becomes available the next time someone logs in with a local account and connects to the Microsoft Store.

What this means is that the information here can be exposed in case the device is being used by another individual, sold or anything like that. Because there’s no option to delete the app history tied to Microsoft accounts, the information would just stay there indefinitely, storing all the app installations that users performed.

Microsoft hasn’t provided any statement regarding this possible privacy concern, but it’s believed that the company can erase the details manually on request.

We have reached out to the company for a comment on this report and to let us know if an update in this regard is planned and we’ll post more information if it’s provided.