Trend Micro Hits Back at Mac App Store Reports

Trend Micro Hits Back at Mac App Store Reports

Trend Micro has moved quickly to counter privacy and security concerns over the browser data collection features of some of its Mac apps.

Dr. Antivirus, Dr. Cleaner and Dr. Unarchiver were top-selling and rated apps on the Mac App Store before Apple apparently removed them following reports of unusual behavior.

Some reports suggested they were akin to the Adware Doctor app which was removed last week after researchers claimed it gathered and sent data on browser history, running processes and software downloads to China.

However, the security giant hit back yesterday, stating: “Reports that Trend Micro is ‘stealing user data' and sending them to an unidentified server in China are absolutely false.”

The firm claimed that the three apps — as well as Dr Cleaner Pro, Dr. Battery, and Duplicate Finder — collected and uploaded a “small snapshot of the browser history on a one-time basis, covering the 24-hours prior to installation.”

“This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation,” the firm continued.

“The browser history data was uploaded to a US-based server hosted by AWS and managed/controlled by Trend Micro.”

However, Trend Micro said it has also now completely removed the browser data collection feature across these consumer products and erased any related legacy logs stored on those AWS server, in order to allay any lingering customer concerns.

The firm added that it has identified a “core issue” which was down to the use of common code libraries.

“We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion,” it said. “This has been corrected.”

Source: Information Security Magazine