Zoom, the videoconferencing app that has recorded an explosion in growth during the coronavirus pandemic, has said it will deploy all of its engineering resources to tackle data privacy concerns after coming under fire for lax practices, as European and US regulators begin to circle.
Zoom’s chief executive Eric Yuan issued a mea culpa on Thursday and said that over the next 90 days the app was freezing the building of new features and instead “shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues”.
The move comes as the Silicon Valley company, which listed publicly in April last year, battles to stem a public backlash following a litany of data security and privacy stumbles in recent days.
These include revelations of undisclosed data sharing practices, features that allowed users to harass other users or mine data from them without their knowledge, and misleading statements about its encryption capabilities — all of which it has since acknowledged publicly and sought to address with policy or technology updates.
“We recognise that we have fallen short of the community’s — and our own — privacy and security expectations,” Mr Yuan said in a blog post, adding that the group had not foreseen the explosion in popularity of the product as millions have shifted to remote working under national lockdowns. “For that, I am deeply sorry.”
While Zoom’s shares are nearly double where they were at the start of the year, they have dropped more than 20 per cent from highs last week, giving the company a market capitalisation of $34bn.
The mis-steps are now attracting increased scrutiny from regulators. Graham Doyle, a deputy commissioner with the Irish Data Protection Commission, which oversees the EU’s privacy regulations, told the Financial Times on Thursday that the regulator had “contacted other privacy watchdogs” in the bloc to assess whether member states had received complaints or had worries about the app.
A spokesperson for the UK’s Information Commissioner’s Office said that it was “considering various concerns that have been raised regarding video conferencing apps”.
This week, the New York state attorney-general sent a letter to Zoom raising questions as to whether the company could properly protect sensitive user data amid the sharp spike in traffic.
In his blog post on Thursday, Mr Yuan said that the company now had 200m daily meeting participants, up from a maximum of 10m at the end of December.
As part of efforts to ramp up security, he also committed to undertaking third-party security reviews of “new consumer use cases”, preparing a transparency report related to data requests made to Zoom, and “enhancing” a bounty programme that encourages hackers to search for bugs in its system.
Even before its spectacular rise, security experts have raised concerns about the app, particularly after the discovery last year of a serious bug that would have allowed potential hackers to hijack a user’s device webcam.
Zoom is also facing wariness from some security experts over its operations in China, where it has a data server, and a research and development department with more than 700 staff as of January 31, according to regulatory filings.
The company told the Financial Times that “data originating in the US stays in the US, and cross-border meeting data goes to wherever the host’s enterprise account is headquartered”.
It added that “Zoom’s employees based in China do not have clearance or the ability to access to meetings, recordings or data held outside of China”.
Meanwhile, the app faces looming challenges from larger rivals: Facebook on Thursday launched a desktop version of its Messenger app, casting the new platform as an opportunity for users to do “group video on a large screen”.
Get alerts on Technology sector when a new story is published