Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

A bunch of Trend Micro anti-malware tools have vanished from Apple's Mac App Store – after they were spotted harvesting and siphoning off users' browser histories. Dr Cleaner, Dr Antivirus, and App Uninstall – utilities owned by the Japan-headquartered security house and distributed on the Mac App Store – are no longer …

  1. Anonymous Coward

    Oh well, no worries

    It's not like we're in the middle of a fundamental breakdown in trust between big tech and users worldwide (privacy-raping malware in AV: Avast / Avg / Win10 etc)..... At the same time as we're enjoying a security meltdown period / apocalypse. Now Silly-con-valley heads are building bunkers in NZ... Is there something we should know?

    bloomberg.com/features/2018-rich-new-zealand-doomsday-preppers/

    1. Kevin McMurtrie Silver badge

      Re: Oh well, no worries

      It's not time for an apocalypse, but definitely time for another tech economy collapse. As before, marketing is transforming from a tool to a product. It's an expensive infrastructure promising money for businesses while producing nothing at all for customers.

    2. JohnFen

      Re: Oh well, no worries

      "Is there something we should know?"

      Yes, that this sort of behavior from that group isn't remotely new. I think it's just a common thing that happens when that flavor of sociopath gets too much money too fast.

    3. dansbar

      Re: Oh well, no worries

      We don't want them and we changed the law to keep them out.

  2. 2Nick3

    VW-ing (cheating) the App-Store screening?

    "The other benefit is that Apple supposedly vets all submitted applications - but as we've clearly shown here, they (sometimes?) do a miserable job."

    Could Trend Micro have coded the apps to detect when they are being tested by Apple and not do the data slurp?

    1. Anonymous Coward

      Re: VW-ing (cheating) the App-Store screening?

      If smartphone makers do it all the time with benchmarking apps and mega corps like Volkswagen, why not? Security firms regularly report malware dormancy as a stealth tactic. Apple aren't immune, so specially targeting their Labs makes sense.

    2. Steve Knox

      Re: VW-ing (cheating) the App-Store screening?

      Could Trend Micro have coded the apps to detect when they are being tested by Apple and not do the data slurp?

      More likely Apple does the test on a clean VM, so no data to slurp.

    3. gnasher729 Silver badge

      Re: VW-ing (cheating) the App-Store screening?

      "Could Trend Micro have coded the apps to detect when they are being tested by Apple and not do the data slurp?"

      Uber turned some anti-privacy features off if they found that your phone was in or near Cupertino, where the reviews are done.

  3. NoneSuch Silver badge
    Thumb Down

    I'm sure Apple made copies of all URL traffic for their own records.

    1. gnasher729 Silver badge

      "I'm sure Apple made copies of all URL traffic for their own records."

      You obviously mean while testing the app, using a device that is owned by Apple, and the application submitted for review by some company, they will make copies of all URL traffic for their own records? Quite possible. More possible that they will do it in the future. Very possible that they will modify their phones they use for testing to not report "Cupertino" as their location, but some random place in the world.

      If you mean traffic on my Mac while I use it: Don't be f***ing ridiculous.

      1. A.P. Veening Silver badge

        Trust

        "If you mean traffic on my Mac while I use it: Don't be f***ing ridiculous."

        Meaning you still trust Apple? I'd like to see some proof Apple is trustworthy.

        And yes, I am paranoid. My question is: Am I paranoid enough?

  4. JohnFen

    Security purposes?

    "done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)"

    Product and service improvement is not a "security purpose" -- so which is it, for security purposes or product research and marketing? I rather suspect that "security purposes" is just bullshit intended to make this slurping sound more reasonable.

    1. Anonymous Coward

      Re: Security purposes?

      Asus routers are also known to send data to Trend Micro:

      https://www.computerworld.com/article/3194843/internet/asus-router-warnings-on-privacy-and-security.html

    2. TRT

      Re: Security purposes?

      Well I can SORT of see why... I mean, installing an antivirus product could often be in response to something that made you think you needed it. Weird browser behaviour, unrequested downloads, pop-ups, that kind of thing. And of course, once they know what the most prevalent trigger is, they can make sure to deploy that more widely in order to increase the general level of paranoia and thus sell more product.

  5. Marty McFly Silver badge
    Facepalm

    1 - 2 - 3 - Not it!

    It's in the EULA that you didn't read. You clicked 'next' when we strongly advised you to read our lawyer's document first. Not our fault. Your fault.

    1. Phil Endecott

      Re: 1 - 2 - 3 - Not it!

      > It's in the EULA that you didn't read.

      But did Apple’s reviewer read this EULA for us?

    2. P. Lee

      Re: 1 - 2 - 3 - Not it!

      >Not our fault. Your fault.

      Correct. And that's not a lesson that's likely to be forgotten or which will engender gratitude from the learners.

      Open source. No Cloud.

      1. Anonymous Coward
        Joke

        Open source. No Cloud.

        Sorry, but reading the whole code is longer and more complex (maybe not always) than reading the EULA...

      2. Doctor Syntax Silver badge

        Re: 1 - 2 - 3 - Not it!

        "Correct."

        No longer. Remember GDPR is now active.

        1. doublelayer Silver badge

          Re: 1 - 2 - 3 - Not it!

          Yes, that's so. How does it work if it went like this:

          Due to GDPR, we require to accept our terms of service and privacy policies for doctor antivirus [tm] to REMOVE ALL MALWARE from your system. In order to perform our 99% effective algorithms, we will need to collect information about whether the code crashed [several more clauses] and some information about your computer [left unexplained]. Please check these boxes to note that you understand that we take your privacy and security seriously, and then we'll start our medical scan [tm] algorithm to find the malware that caused you to install this in the first place. Just check these boxes, and it's all done!

          I certainly hope it still works in that case, and I'll cheerfully watch on as Dr. Privacy Cheat and the rest of their software earns them a massive bill. However, I figure that lawyers eventually figured something out with regard to that particular issue.

          1. EJ

            Re: 1 - 2 - 3 - Not it!

            I know no one is reading the EULAs for anything because if you did, you wouldn't consent to most of them. Our Procurement department is now going over EULAs with a fine-tooth comb. Purchases that used to take 60-90 days from selection to product-on-site are now taking upwards of a year, if the vendor agrees to negotiations in the first place. I'm still waiting to hear how they made out with negotiations with Fyodor, who they told me they were going to contact to hammer out an agreement. "Fine," I said, "but while you're doing that we're going to go ahead and use his Nmap product anyway."

    3. gnasher729 Silver badge

      Re: 1 - 2 - 3 - Not it!

      "It's in the EULA that you didn't read."

      Actually, if your app is on the app store, it must also follow the rules of Apple's default EULA. And if you were hiding that it was violating the app store rules (which Trend Micro probably did), Apple can refund all the customers and ask Trend Micro back for the money. For the complete 100% of the purchase price, not the 70% that Trend Micro received.

    4. Doctor Syntax Silver badge

      Re: 1 - 2 - 3 - Not it!

      "It's in the EULA that you didn't read."

      And if you try that on an EU resident with the boxes pre-ticked you're lining your company up for fines of 4% of global turnover. Could that be why it's been withdrawn?

  6. Anonymous Coward

    It is not entirely clear

    " It is not entirely clear yet whether Apple took action itself and stripped the info-collecting software from its online macOS application store, or if Trend Micro pulled the apps itself following complaints. Its website today still links to the downloads even though they are no longer available."

    I've seen this happen before where larger, well-known app developers get caught violating the rules and are pulled but are later allowed to return.

    Any lesser-known developers would have a lifetime ban for doing the same things.

    (That 30% commission at play.)

  7. My Coat

    GDPR?

    So do any Europeans affected by this have any rights to redress under GDPR?

    1. Doctor Syntax Silver badge

      Re: GDPR?

      "So do any Europeans affected by this have any rights to redress under GDPR?"

      They have the right to register complaints with the appropriate regulator which could lead to large fines (maybe even 4% of Apple's turnover if they were held to have responsibility). Not the sort of redress you might have been thinking of but there could be accommodation to be reached if you were prepared to withdraw the complaint.

      As this sort of thing works its way into corporate consciousness I think the operators of app stores are likely to tighten up to avoid the risk of vicarious liability.

  8. SVV

    anti-malware tool?

    An anti-malware tool that slurps personal information isn't anti-malware. It's malware.

  9. Anonymous Coward

    It wouldn't be a Trend Micro product otherwise

    I worked for a company that had the good fortune to use Trend Micro Antivirus and it caused vastly more problems than it solves. Locked files broke builds and the end product, false positives (on our own code!), huge IO slowdown. We had to disable the AV in the dev environment because it would just break otherwise.

    Perhaps Trend aren't alone in this and all AV sucks. What I do know, is that buying a site licence for a product of this nature is the kiss of death for productivity. You will never get rid of licensed software no matter how shitty, broken or otherwise unfit for purpose it is. No matter how much you complain, or highlight how much time / money has been wasted fighting it, the higher ups won't see it that way.

    1. doublelayer Silver badge

      Re: It wouldn't be a Trend Micro product otherwise

      I've seen it used as well. The version that we had had a scan scheduled every week during the middle of the afternoon on Wednesday, when you were working. The software would courteously ask you to confirm the scan, with the option to delay it. Nice and respectful, no? No, not really, because the delay function didn't work all that well, and would sometimes delay all the way until you logged in on Thursday morning, when it wouldn't ask you but would just cheerfully scan everything with the accompanying lag in performance. And because whatever group was responsible for scheduling the original scan for when people were working, most users would go with the only guaranteed way of continuing to be productive: clicking the "skip this scan" button every single Wednesday.

    2. Anonymous Coward

      Re: It wouldn't be a Trend Micro product otherwise

      I recently had the misfortune of looking at an ex-company PC that the owner of the company, a friend of the in laws, wanted to use as a home desktop.

      It had Trend Micro on it, which was causing slowdown and had a policy of locking out access to USB drives.

      I'll uninstall I thought, but it needed a password which was set when it was installed. Which could be circumvented via a registry key. Which was locked until you disabled the service on startup.

      Even after uninstalling it would not allow USB key access, in the end I had to do a system restore and grab the likes of malwarebytes off ninite.

  10. This post has been deleted by its author

  11. adam payne

    This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service).

    Slurping data to improve a product and / or service isn't for security purposes. Slurping that data is for marketing and research and you know it. Stop trying to justify why you did it.

    1. Anonymous Coward

      Though I've worked in places where usage logs of the product are sent 'home', such that if a failure is reported the actions up until that point can be traced.
