Trend Micro Claims It Didn’t Steal User Data…. Then Back Pedals On That Claim

Well, Trend Micro has finally decided to respond to the firestorm that erupted on Sunday when it was discovered that some of their macOS apps were stealing the browser histories of users. And then the apps in question were promptly banned by Apple. Via a blog post, Trend Micro denied this…. Sort of:

Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false.

Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products. The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation (see, for example, the Dr Cleaner data collection disclosure here: The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

Well, that’s a crappy response which I am sure didn’t exactly win hearts and minds. Because sometime later they updated the blog post with this:

We apologize to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised.

We have taken action and have 3 updates to share with all of you.

First, we have completed the removal of browser collection features across our consumer products in question. Second, we have permanently dumped all legacy logs, which were stored on US-based AWS servers. This includes the one-time 24 hour log of browser history held for 3 months and permitted by users upon install. Third, we believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected.

So I guess that the accusations weren’t completely false if Trend Micro backpedaled like this. I guess the optics just didn’t look too good. But they didn’t really answer the questions that need answering. Such as how pervasive was this practise? Were they doing this on their corporate line of products? How can we trust Trend Micro given all that is gone on? If Trend Micro really wants to address this, they need to be a transparent as possible. Otherwise, people will simply take their money elsewere.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: