Facepalm: After being caught uploading user’s browser history to the cloud, Trend Micro has issued an apology. Some how the “security feature” also ended up in non-security applications.
Security firm Trend Micro has issued a response to allegations that it has been stealing and uploading browser history to Chinese servers of users who have downloaded apps from the Mac App Store. Although China is not getting your data from Trend Micro, the firm still had some major trust issues to address.
Previously, apps entitled Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder were all designed to take a snapshot of browser history upon first launch. According to Trend Micro, only the last 24 hours of browsing history would be collected and then uploaded to US-based Amazon servers.
In a blog post by the firm, it is stated that browser history collection was intended to be used to identify malicious sites that users may have visited recently. On technicality, the EULAs for these apps did disclose this behavior. However, knowing that nobody ever bothers to read through them carefully, it is no surprise that end users were upset to find their browsing histories were being stored in the cloud.
While there is some logic in scanning browser history for potential threats, not all of the apps collecting information were for security purposes. A shared code library among many of Trend Micro’s apps caused this feature to be implemented across a variety of their apps without any proper oversight or audit.
Thankfully, Trend Micro has taken the right course of action and has agreed to stop collecting your browser history via its apps in both security-focused and non-security programs. Updated versions of the apps in question should no longer capture history and upload it.