Apple removes Trend Micro tools from Mac App Store over “data exfiltration” claims

Trend flatly denies experts’ claims it is stealing user data and sending it to China

Trend Micro website displayed on a smartphone device

A host of anti-malware tools developed by cyber security company Trend Micro have been removed from Apple's Mac App Store.

Six apps including Dr. Cleaner and Dr. Antivirus have disappeared from the Mac App Store after experts, including Malwarebytes Labs' head of Mac Thomas Reed, spotted that user data was needlessly being 'exfiltrated' from these products.

Advertisement - Article continues below

Examining the apps' code, Reed and others also claimed Trend Micro's repertoire of apps was sending data to a server in China based on the fact a domain was registered in the country - a charge Trend Micro flatly denies.

"It's blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be," Reed said.

"I've been saying this for several years now, as we've been detecting junk software in the App Store for almost as long as I've been at Malwarebytes. This is not new information, but these issues reveal a depth to the problem that most people are unaware of."

Apple, having revamped its rules earlier this year to prioritise user privacy, began removing Trend Micro's apps once alerted to the complaints two days ago - with all apps now off the store at the time of writing.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Facebook just last month clashed with Apple over data collection concerns surrounding its controversial Onavo Protect VPN app; voluntarily removing its service from the App Store after talks with the iPhone manufacturer.

Trend Micro denied all claims it was stealing user data and sending them to an unidentified server in China, branding them "absolutely false".

In a post responding to the controversy, the Japanese firm said it completed an investigation into the six apps removed from the Apple Mac Store and concluded they "collected and uploaded a small snapshot of the browser history on a one-time basis".

In a further update, Trend Micro confirmed it had removed the data collection features across the consumer products in question, and permanently dumped legacy logs stored on a US-based AWS server.

Finally, the company identified what it claimed to be a "core issue which is humbly the result of common code libraries", learning the data collection functionality was designed the same across all of its apps regardless of whether this was necessary for the app to work.

Advertisement - Article continues below

"The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation," the company said.

"The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

"We apologise to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised."

IT Pro has approached Apple for comment but it had not responded at the time of publication. 

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/strategy/28185/what-is-data-mining
Business strategy

What is data and big data mining? An easy guide

22 Aug 2019
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020

Most Popular

Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020