Trend Micro tools removed from Mac App Store over “data exfiltration” claims

By on
Trend Micro tools removed from Mac App Store over “data exfiltration” claims

Several anti-malware tools developed by cyber security company Trend Micro have been removed from Apple's Mac App Store.

Trend Micro-owned applications including Dr. Cleaner and Dr. Antivirus, have disappeared from the Mac App Store after experts, including Malwarebytes Labs' head of Mac Thomas Reed, suggested that user data was being 'exfiltrated' from these products.

Examining the apps' code, Reed and others also claimed Trend Micro's repertoire of apps was sending data to a server in China based on the fact a domain was registered in the country - a charge Trend Micro flatly denies.

Apple, having revamped its rules earlier this year to prioritise user privacy, reportedly began removing Trend Micro's apps once alerted to the complaints two days ago, with all apps now off the store at the time of writing.

Trend Micro denied all claims it was stealing user data and sending them to an unidentified server in China, branding them "absolutely false".

In a post responding to the controversy, the Japanese firm said it completed an investigation into the six apps removed from the Apple Mac Store and concluded they "collected and uploaded a small snapshot of the browser history on a one-time basis".

In a further update, Trend Micro confirmed it had removed the data collection features across the consumer products in question, and permanently dumped legacy logs stored on a US-based AWS server.

Finally, the company identified what it claimed to be a "core issue which is humbly the result of common code libraries", learning the data collection functionality was designed the same across all of its apps regardless of whether this was necessary for the app to work.

"The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation," the company said.

"The browser history data was uploaded to a US-based server hosted by AWS and managed/controlled by Trend Micro.

"We apologise to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised."

IT Pro has approached Apple for comment but it had not responded at the time of publication. 

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Disties and vendors are pushing their financial services. Are you biting?
Yes - to move away from banks!
Yes - to spread risk
Yes - dipping toes in the water
Not yet - but we like the look of it
No - looked at it and decided not to
No - it's just not right for us
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?