Security firm Trend Micro has apologized after several of its consumer macOS anti-malware products and utilities were discovered to be capturing the notebook's browser history data and sending it to a remote server.
Trend Micro apps, which have been removed from the Mac App Store, included Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, and Dr Unarchiver.
The apps in question were collecting users browser history and sending files, including user passwords, in a ZIP archive to a remote server.
Apple's App Store developer policy stipulates that apps need to gain consent if they collect user or usage data.
Trend Micro confirmed that several of its products were collecting a "snapshot" of users' browser history data but said this was done in order to spot potential adware encounters.
"Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products," the company said in a blog post.
"The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)."
The company notes that it disclosed this data collection in its end-user license agreements and that browser history data was uploaded to a US server hosted by Amazon Web Services and managed by Trend Micro.
Trend Micro blamed the behavior on the use of common code libraries and has now removed the browser data collection feature and deleted logs store on the AWS servers.
"[W]e believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected," the company said.
RECENT AND RELATED COVERAGE
macOS Mojave is the latest version of the Mac operating system, unveiled today during Apple's WWDC conference.
New malware persistence method works only on Windows 10 and abuses built-in UWP apps like the Cortana and People apps.
The newest security flaw striking iOS and OS X can be avoided with the Golden Frog VyprVPN 2.0. It's for a anyone using their iPad or iPhone to access the Internet via public Wi-Fi.
Apps collect data such as GPS coordinates, WiFi network IDs and more, and pass all of it to advertising and monetization firms.
Face ID isn't perfect. Here are some key ways it could be killer on the next iPhone (and iPad).