Probably because the MITM vulnerability is horrible sloppiness, but the ad serving is done with the malicious intent of continuing to extract revenue from users that just ponied up a couple thousand dollars for the laptop to begin with.
I've read people saying there's no way developers didn't know what they were doing WRT the MITM vulnerability. To them I say "you've never worked for a giant corporation." Security holes are second in volume only to spent Keurig pods.
However, the choice to turn someone's entire computer into an adware mechanism was explicit and just really sleazy.
I believe the possibility of a developer capable of understanding and creating this local MITM not being aware of the wider security implications is near zero. That would be like a scientist understanding nuclear fission and bomb making not knowing that detonating it in the middle of a city would cause a lot of deaths...
The MITM framework was created by a separate company from the company that developed the specific piece of software. Just like you don't actually have to have a clue how a web server works to write a Rails app, the Superfish developers bought an off-the-shelf MITM framework and used it, which doesn't require much thought.