Cybersecurity giant Trend Micro has apologized after researchers discovered that a number of the company’s consumer-facing apps were collecting users’ browser histories.
Thomas Reed, the lead for Mac and mobile at Malwarebytes, published research last week that discovered a number of MacOS apps were exfiltrating sensitive data to servers controlled by the developer. A number of these apps – Dr. Cleaner, Dr. Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery and Duplicate Finder — are owned and operated by Japan-based Trend Micro.
Apple normally places tight restrictions on what data app developers can collect. Yet Read found that the apps were pulling data that they should not have had access to.
With regard to Dr. Antivirus, Reed found the app was pulling complete browsing and search history from Chrome, Firefox, Safari and the App store. Additionally, the app also created a file that “contained detailed information about every application found on the system.”
Reed found similar behavior on the related Trend Micro apps.
Trend Micro provided an explanation on Monday, saying the collection was a one-time data collection done for security purposes, with data being stored in U.S. data centers run by Amazon Web Services.
“The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation,” a Trend Micro blog post reads.
The company says it has removed the features from the apps, blaming the collection on a re-use of a certain code library.
“We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion,” the blog post read. “This has been corrected.”
The incident follows a similar discovery, where one of the most profitable apps in the official Mac App Store — Adware Doctor — was side-stepping around Apple’s controls to surreptitiously grab a user’s browser history and send it back a company in China.
Reed wrote that at the time of publication, the apps were still available in the store. However, as of this article’s publication, none of the Trend Micro apps were available for download. It’s unclear if Apple kicked the apps out of the store, or Trend Micro removed them after the research was published.
The researcher says the incident is a perfect example that even with Apple’s tight controls, the various App Stores are not clear of security issues.
“It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be,” Reed wrote .”I’ve been saying this for several years now, as we’ve been detecting junk software in the App Store for almost as long as I’ve been at Malwarebytes. This is not new information, but these issues reveal a depth to the problem that most people are unaware of.”