Microsoft says its Recall app — which captures and shops display pictures each few seconds — is secure. Safety researchers hold saying in any other case.
Recall was initially billed as a “photographic reminiscence” to retailer every part Home windows customers do on their computer systems. Individuals might then see a few of these display pictures at a later time by looking out AI with plain-text queries resembling pink barn. (See illustration above.)
Choose members of Microsoft’s unique Home windows Insider program have had entry to Recall for greater than a yr. Customers of AI-enabled Copilot+ PCs began receiving Recall as an opt-in characteristic in April 2025, one yr in the past this month.
However since its debut, specialists have repeatedly demonstrated that hackers can entry the info Recall shops. This raises questions on whether or not a device that data your whole digital life can ever be adequately secured. The state of affairs is creating uncertainty about Microsoft’s plans to make Recall extra broadly obtainable on all PCs.
Alexander Hagenah, govt director of SIX — a Zürich-based know-how firm that operates infrastructure for inventory exchanges in Switzerland and Spain — described Recall’s safety weaknesses in a LinkedIn submit in April 2025. He additionally launched an app he known as TotalRecall that might “extract all captured home windows and pictures taken by Recall … nothing encrypted, no rocket science wanted.”
Becoming a member of different researchers, the College of Pennsylvania’s Workplace of Data Safety launched a warning on Apr. 14, 2025, concerning the model of Recall that was then obtainable. The college’s announcement acknowledged that Recall “introduces substantial and unacceptable safety, legality, and privateness challenges” [emphasis in the original]. The assertion added that directors of “Home windows environments at Penn are strongly urged” to disable Recall.
In response to criticisms resembling these, Microsoft — to its credit score — pulled again on its plans to roll out Recall to all Home windows 11 PCs that met pretty excessive system necessities (together with a neural processing unit and eight logical processors, in line with an MS Be taught doc). As an alternative, the corporate introduced in a weblog replace on June 13, 2024, that Recall would turn out to be obtainable solely to members within the firm’s a lot smaller Home windows Insider program.
Within the time since that call, the destiny of Recall has turn out to be even murkier. Journalist Zac Bowden wrote in a Home windows Central weblog submit on Jan. 30, 2026, that Microsoft is “pulling again its Home windows 11 AI push with a significant Copilot and Recall rethink.”
The issue is that it’s robust for software program engineers to make information ultra-convenient for finish customers to entry whereas concurrently securing it so it’s impervious to hackers.
It’s onerous to keep in mind that the corporate’s authentic objective was ease of use, now that Microsoft’s focus has modified to creating the safety of its screen-cap app impenetrable.
Microsoft says Recall blurs pictures of credit-card numbers, financial institution passwords, and different private information — or doesn’t retailer them in any respect. However safety specialists are nonetheless not satisfied.
After testing the newest model of Recall, Swiss technologist Hagenah just lately issued a brand new proof-of-concept known as “Whole Recall Reloaded” on a GitHub web page. In his feedback, Hagenah mentioned any malware operating on a consumer’s PC can copy each Recall display shot because it passes by in-process reminiscence: “No admin required. Normal consumer. No kernel exploit.”
Hagenah has not publicly disclosed some safety holes, saying he’s reported them to Microsoft and gained’t launch the technical particulars till the Redmond firm has fastened the issues.
Already, malicious hackers have written code to reap the benefits of Recall’s display pictures. The malware can entry Recall’s personal reminiscence to repeat display caps and ship them to a faraway server. Hackers now not want to put in writing such code from scratch. (The process is described in a technical overview by cybersecurity author Kevin Beaumont.)
At this writing, fewer than 10% of Home windows 11 PCs can allow and run the present model of Recall. Microsoft representatives responded to my inquiries about plans for the app’s future availability by pointing to a Sept. 27, 2024, safety replace and an Apr. 25, 2025, weblog submit.
