Apple has removed cyber-security firm Trend Micro’s apps from the Mac App Store after reports of it ‘stealing user data’ and sending it to unidentified servers came to light. Initially, the firm stated that all of these allegations were false, and later apologised for the whole matter at hand. The company says that its apps – Dr. Cleaner, Dr. Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder – collect data only once, and this is purely done for security purposes. Later, it issued an apology stating that an issue regarding a common code in browser collection functionality has been found and rectified, and all data logs have been permanently dumped. In any case, Apple no longer lists any of the above apps on the Mac App Store.
Trend Micro earlier said that its apps collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was done for security purposes to ascertain whether the device had any adware or threat installed, and was uploaded to a US-based server hosted by Amazon Web Services (AWS) managed and controlled by Trend Micro. It initially claimed that it never stole any user data without consent, and that this one-time data collection was mentioned in the disclosure, and is accepted by the user.
However, later, Trend Micro issued an apology stating, “We believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected.” The company said that it has permanently dumped all legacy logs stored in AWS, and has removed the browser collection features across its consumer products.
The company is now in the process of reviewing and re-verifying its user disclosure, consent processes, and posted materials for all of its products, and in the meantime, all of the apps remain unlisted on the Mac App Store. We recommend users to delete any of the above mentioned apps from their Mac devices, and use other alternatives instead. Trend Force notes that none of the data collected has been compromised at any point, so users of these products need not worry of a breach. However, all app makers must form the habit of explicitly informing the user if they collect any data for any purposes.