X
Tech

​Trend Micro says sorry after apps grabbed Mac browser history

The company has now removed a browser history data collection feature from its macOS products.
Written by Liam Tung, Contributing Writer

Security firm Trend Micro has apologized after several of its consumer macOS anti-malware products and utilities were discovered to be capturing the notebook's browser history data and sending it to a remote server.

Trend Micro apps, which have been removed from the Mac App Store, included Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, and Dr Unarchiver.

The apps in question were collecting users browser history and sending files, including user passwords, in a ZIP archive to a remote server.

Apple's App Store developer policy stipulates that apps need to gain consent if they collect user or usage data.

Trend Micro confirmed that several of its products were collecting a "snapshot" of users' browser history data but said this was done in order to spot potential adware encounters.

SEE: 17 tips for protecting Windows computers and Macs from ransomware (free PDF)

"Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products," the company said in a blog post.

"The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)."

The company notes that it disclosed this data collection in its end-user license agreements and that browser history data was uploaded to a US server hosted by Amazon Web Services and managed by Trend Micro.

Trend Micro blamed the behavior on the use of common code libraries and has now removed the browser data collection feature and deleted logs store on the AWS servers.

"[W]e believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected," the company said.

RECENT AND RELATED COVERAGE

Apple improves security protections in macOS Mojave

macOS Mojave is the latest version of the Mac operating system, unveiled today during Apple's WWDC conference.

Apple strengthens App Store privacy with more rules for developers

New privacy policy comes into force on October 3, requiring developers to detail how they collect and use data.

Researcher finds new malware persistence method leveraging Microsoft UWP apps

New malware persistence method works only on Windows 10 and abuses built-in UWP apps like the Cortana and People apps.

Use VPN security to protect iPads and iPhones from new security flaw (TechRepublic)

The newest security flaw striking iOS and OS X can be avoided with the Golden Frog VyprVPN 2.0. It's for a anyone using their iPad or iPhone to access the Internet via public Wi-Fi.

Tens of iOS apps caught collecting and selling location data

Apps collect data such as GPS coordinates, WiFi network IDs and more, and pass all of it to advertising and monetization firms.

Face ID 2 could be the biggest improvement on the iPhone XS (CNET)

Face ID isn't perfect. Here are some key ways it could be killer on the next iPhone (and iPad).

Editorial standards