Zoom promises to resolve security and privacy issues in its video-conferencing service
The company says users are utilising the app in myriad unexpected ways
Zoom has paused the development of new features for its video-conferencing app in efforts to concentrate more on security and privacy issues impacting the app.
In a blog post, Eric Yuan, the founder and CEO of the company, said that Zoom's usage in recent days has skyrocketed in ways that the company had never expected prior to the coronavirus outbreak.
"We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socialising from home. We now have a much broader set of users who are utilising our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived," Yuan said.
Yuan said that use of Zoom risen from 10 million daily users in December to more than 200 million daily users in March. He admitted that Zoom's service has "fallen short of" the community's and their own privacy and security expectations, despite their hard work to support the influx of new users.
"For that, I am deeply sorry," Yuan wrote.
The rising popularity of Zoom in recent weeks has led to increased attention on the company's security practices.
Earlier this week, a Zoom user filed a class-action lawsuit against the company in the federal court in San Jose, California, accusing the company of disclosing users' data to Facebook without receiving prior consent from users, and security experts found two bugs in Zoom app which could allow hackers to gain root privileges and take over a Mac user's microphone and webcam.
Zoom users have also complained of recent 'zoombombing' phenomenon, in which uninvited guests join video conferences, just to make racist remarks, share pornography or shout abuse.
Zoom has also been accused of misleading users into believing that it uses end-to-end encryption.
Mr Yuan said that the company has taken several steps to address concerns raised by users and security experts. These steps include:
- removing the code from the app that sent information from its iOS app to Facebook
- releasing fixes to address Mac-related issues
- clarifying encryption practices
- removing a LinkedIn feature to avoid unnecessary information disclosure
- issuing guidelines to users about how they can prevent becoming a victim of zoombombing
Over the next three months, the company says it will freeze development of new features in order to address safety and privacy issues. It will conduct a review with third-party experts to understand new security features needed for new user cases.
Zoom also plans to enhance its bug bounty programme and to prepare a transparency report on requests for data or content.
"I am committed to being open and honest with you about areas where we are strengthening our platform and areas where users can take steps of their own to best use and protect themselves on the platform," Yuan said.
"Our chief concern, now and always, is making users happy and ensuring that the safety, privacy, and security of our platform is worthy of the trust you all have put in us."