Apple Removes Trend Micro Security Apps After Being Caught Collecting MacOS User Data. Apple has removed a couple of Trend Micro anti-malware apps from its Mac App Store, after they were caught collecting and siphoning off user data and browsing history without their consent. This news comes a few days after Apple removed another top security app – the Adware Doctor (not from Trend Micro) for similar reasons. The apps start collecting user data upon launch, put the information in a file and then exfiltrate it to their developer’s servers.
The three apps removed include Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver and are no longer available for download at the Mac App Store. These apps were spotted by multiple researchers to be collecting and uploading user data and browsing history from Safari, Firefox and Chrome, , as well as other sensitive information from applications installed on their systems.
The issue was initially reported by Malwarebyes founder, Thomas Reed who had earlier noticed the behavior and discussed it at a Malwarebytes forum in December 2017. Reed recently published a video the day before Apple removed the Trend Micro apps (10Sept2018), demonstrating how the apps collected user data from popular web browsers and then sent it to a server linked to https://www.trendmicro.com.
Within 24 hours, the revelation sparked controversy and other researchers joined in, including Patrick Wardle, co-founder of Digita Security and founder of Mac Security website – Objective-See; Privacy 1st (who discovered and reported Adware Doctor’s spyware-like behavior) as well as a couple of other researchers who reported the activity to Apple.
Meanwhile, the popular cyber-security vendor has downplayed the act, saying:
This was a one-time data collection of browser history, done for security purposes to analyze whether a user had recently encountered adware or other threats…to improve the product & service,
the company argued.
Normally, apps from the Apple Mac store are sandboxed, so they are fairly limited in the types and extent of data they can access. However, because security apps are built to scan for security issues and clean up systems, they need more information that other apps can’t access, so these apps are designed to request access to main files on the user’s devices to gain the access they need. Once a user grants the app access to the home folder, the app has access to all user preferences and settings.
The company explains, however, in a statement that it has completed an initial investigation of a privacy concern related to many of its MacOS consumer products.
We apologize to our community for concerns they might have felt and we reassure them that all their data are safe and at no point was compromised. We have completed the removal of browser data collection features across our consumer products in question and have permanently dumped all legacy logs, which were stored on US-based AWS servers. We have identified a core issue which is humbly the result of the use of common code libraries,
Trend Micro stated.