If there’s one thing we’ve learned this year, it’s the importance of being careful with who gets your data.
We already know that Cambridge Analytica violated the privacy of millions of Facebook users and that Google tracks your movements even when you tell it not to. Who could’ve predicted that a security firm would sneakily pilfer your data as well?
The security firm, Trend Micro, Inc., has had several of their anti-malware apps removed from the Mac App Store after they were found to be sending users’ browser history data, which included passwords, to a remote server. This is a breach of the App Store’s developer policy, which requires apps to obtain user consent before collecting any personal data.
It was discovered that Trend Micro had been using hardcoded strings to extract browser history and identification information, like the user’s operating system and serial number, which was then exported to a server in China.
The Trend Micro apps removed from the store include:
- Dr. Cleaner, an app that offers “memory optimization, disk cleaning and system monitoring.”
- Dr. Cleaner Pro
- Dr. Antivirus, “an app that ensures your privacy and the security of your financial information while you are using your Mac.”
- Dr. Unarchiver, which allows users to “browse and open files directly from archives.”
In a separate case, another app called Adware Doctor was also removed from the App Store for the same reasons.
Prior to their removal, Trend Micro’s apps all held four-star ratings with thousands of reviews. Now, only two of their apps are still available to download in the store: Network Scanner and Dr. Wifi.
In a September 10 blog post, Trend Micro denied stealing user data, calling the accusation “absolutely false,” but provided no explanation as to why their apps had been deleted from the App Store. Instead, they asserted that an “initial investigation” found that they had only been taking “snapshots” of users’ browser histories, supposedly to circumvent any adware attacks.
“The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation,” they wrote. “This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service).”
Trend Micro also pointed out that their data collection was “explicitly disclosed” in the relevant end-user license agreements. Nonetheless, they say they have taken three steps to correct their actions: They have allegedly “completed the removal of browser collection features across (their) consumer products in question,” “permanently dumped all legacy logs, which were stored on US-based AWS servers,” and “identified a core issue which is humbly the use of common code libraries.”
A good motto for surfing the web and downloading apps nowadays is “trust no one.” Be cautious when handing out personal information to anyone, because it seems that no data is safe anymore.
What precautions, if any, are you taking to safeguard your personal data?