Apps include Dr Cleaner, Dr Antivirus, and App Uninstall
Several Trend Micro apps have been removed from the Mac App Store after they were found to breach Apple’s rules by exporting users’ browsing histories.
At least three apps – Dr Cleaner, Dr Antivirus, and App Uninstall – have disappeared from Apple’s distribution platform after security researcher Patrick Wardle revealed they had been harvesting data.
Wardle wrote how the apps have been collecting users’ browsing history and transmitting the information to a server based in China – an accusation Trend Micro has slammed as false.
The security firm did confirm, though, that browser histories are collected when the user first installs an app, something Trend Micro described as a “one-time” occurrence.
While it isn’t entirely clear whether the apps were booted out or whether Trend Micro removed them, this incident comes as Apple updated its rules on privacy policies.
From early next month, all iOS and OS apps will be required to include a detailed privacy policy which clearly sets out what data is being collected by the app creators, and what they’re doing with it.
The move comes after the introduction of GDPR across Europe, and in the wake of the Cambridge Analytica scandal.
Legacy log removal
Trend Micro confirmed that apps collecting browsing data also include Dr Cleaner Pro, Dr Unarchiver, Dr Battery, and Duplicate Finder, and apologized to customers.
It also removed browser history collection capability from the products, and said that no data had been compromised.
A statement read: “First, we have completed the removal of browser collection features across our consumer products in question.
“Second, we have permanently dumped all legacy logs, which were stored on US-based AWS servers. This includes the one-time 24-hour log of browser history held for three months and permitted by users upon install.
“Third, we believe we identified a core issue which is humbly the result of the use of common code libraries.”
The company added: “We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security-oriented apps such as the ones in discussion. This has been corrected.”
Apple has yet to comment on the incident, and did not confirm whether the apps were removed as a direct result of its new policy.
Fallen from the tree
This latest incident isn’t the first time Apple has taken steps to remove apps that have been found to harvest user data.
Facebook’s mobile VPN app Onavo Protect was pulled from the App Store in August after it was accused of using data collected from users for broader analytics purposes.
Apple pressured Facebook into removing the app, according to reports.
In a report by the GuardianApp project, released earlier this month, 24 iPhone apps were discovered to be collecting location data.
Apps cited in the report include ASKfm, Perfect365, and Homes.com.
According to the report, the apps are sharing user data collected from Bluetooth, GPS, and WiFi networks with third-party monetization firms.
