Apple removed several anti-malware apps from its Mac App Store after the apps were found to export users' browser histories. All of the apps in question are made by the cyber-security company Trend Micro, which initially denied the allegations but has since issued an apology to its users.
"Reports that Trend Micro is 'stealing user data' and sending it to an unidentified server in China are absolutely false," the initial statement says.
The statement also details what Trend Micro found in its investigation: the company claims that some of its apps, including Dr. Cleaner, Dr. Antivirus, and Dr. Unarchiver, uploaded a "small snapshot" of users' browser histories that covered the 24 hours before installation. The company claims this was done for "security purposes," particularly to see if users had recently come into contact with adware or other threats. The collected user data was uploaded to a US-based server hosted by Amazon Web Services and managed by Trend Micro.
As a result, Trend Micro states it removed this feature that collected users' browser history. In its apology update, the company also states it permanently dumped all legacy logs stored on the AWS server and identified common code libraries to be, what it believes, "a core issue" of this problem.
Apps like those made by Trend Micro are designed to check if the sites you want to visit are potentially dangerous or have a poor reputation. This is typically done on a site-by-site basis as the service checks the desired site against a local database. As Trend Micro explains in its support section, if a site can't be verified by a local database or a memory-cache search, the service consults its server.
But in this case, users had an entire day's worth of their browsing history sent to Trend Micro's server. Users will undoubtably be frustrated that their online privacy was violated and that possibly identifiable information was sent and stored in Trend Micro's server.
Similar problems have come up with browser extensions. Chrome, Mozilla, and Opera recently pulled the Stylish extension, which had nearly two million downloads, from their browsers after it was found to have tracked all websites visited by users and sent that data to its remote server.
Despite Trend Micro's remedy for the problem, none of its apps appear in the Mac App Store. Apple hasn't confirmed the reasoning for removing those apps, but the company's developer guidelines have become quite strict about what developers can do with user data. Apps must also get explicit permission to collect most user data, and developers must state how and what they will use that data for.
reader comments
35