Microsoft Bing included potential illegal content in their IOS mobile App.

I have been back and forth on releasing this finding.

To limit the risk for harm in releasing this information; I have allowed 10 months since sharing with Microsoft with the hopes that most users have upgraded and replace their version of Microsoft Bing from their devices.

I shared with Microsoft I intended to release this information they had asked me to allow them to review before releasing: "Can you provide us a copy of the article you intend to publish so we can review?"

To let them edit or review the content felt inauthentic, so I have went forward and shared with no ill will towards Microsoft and with the intention of a safer happier world for all :)

I can see that unfortunately if nothing is shared it might allow:

a) A legal precedent for humans to argue that the content of their web history is not theirs, but the device history came that way from Microsoft Bing.

b) Allow prosecution of other humans in parts of the world blaming them for the content Microsoft has placed in their Bing App which resides on their devices.

Search term contents categories that are questionable:

1) Zoophilia (https://en.wikipedia.org/wiki/Zoophilia_and_the_law) not legal in Turkey, the United Kingdom, NZ, Some States in the USA. And not kind to Animals in the first place.

2) Child Pornography.

3) Incest

In either case, harm will be done.

Those who need help will not be helped, and further harm is likely to occur to those on are planet which is not needed.

Firstly I would like to say, Microsoft was quick to take action to remove the content within days of my security report. Accidents happen, and I believe this was just a case of human error which we are all guilty of at some point in life :)

Data Exposed:

Microsoft Bing for IOS, Bing Search - apps, web, images, videos & news (com.microsoft.bing) https://itunes.apple.com/us/app/bing-fast-beautiful-mobile/id345323231?mt=8

Time Period of Data left in Application: From November 12, 2015 - April 26th 2016

FileName: SearchTestQueries.tsv

Versions: 6.0.3.0 Versions: 6.1.0.0 Versions: 6.2.0.0 Versions: 6.3.0.0 Versions: 6.4.0.0 Versions: 6.4.1.0 Versions: 6.5.1.0

Sample File Content from 10,000 entries in the file Microsoft included in their Bing IOS App.

This file was copied onto ever users device when they installed the app from the Apple App Store.

(41.xxxxxx, -85.xxxxxx) preteen girl get pussy lick by female teachter. (40.xxxxxx, -122.xxxxx) kiddie preteen pics (41.xxxxxx, -71.xxxxxx) preteen panty model camel toe (39.xxxxxx, -94.xxxxxx) is it legal to suck a horse dick (31.xxxxxx, -97.xxxxxx) fucking with a double dildo (47.xxxxxx, -120.xxxxx) teens take horse dick (40.xxxxxx, -74.xxxxxx) movie where black guy gets raped by nazi (45.xxxxxx,-122.xxxxxx) best rape clips 1 (31.xxxxxx, -97.xxxxxx) how to get a dog's dick ready to fuck (47.xxxxxx,-120.xxxxxx) teens take horse dick (40.xxxxxx, -80.xxxxxx) forced to fuck by biker gang (36.xxxxxx,-115.xxxxxx) dad fuck daughter while sleeping (40.xxxxxx, -73.xxxxxx) father loves to eat daughter pussy (33.xxxxxx,-118.xxxxxx) stick inside penis fetish (39.xxxxxx,-105.xxxxxx) whats a penis enlarger? (44.xxxxxx, -88.xxxxxx) std symptoms with discharge from the penis (44.xxxxxx, -92.xxxxxx) young pussy (39.xxxxxx, -84.xxxxxx) 5542 calories do you burn sucking dick (40.xxxxxx, -75.xxxxxx) how to make a penis emoji (30.xxxxxx, -90.xxxxxx) green circle on base of penis under skin

I am hoping that all data is random, and not a real world Troll Trace, but it looks to include full users Latitude and Longitude, which I have redacted them here in my report.

If companies or individuals out there are in need of CyberSecurity, I'm happy to help where I can. Or direct you based on the information I know to seek what might help best.

I know finances are limited for some. I have a small amount of time each month I donate to help out those who have financial limitations. So please reach out and I'll do my best to provide help :)

Wish you well on your side of the screen :)

-Eric

apphero@codecancare.com