Two Trend Micro apps have been removed from the Apple app store in the past few days after allegations surfaced that they were exfiltrating user data.
Dr Cleaner was reportedly removed from the Apple App Store on Friday and Dr Antivirus, also owned by Trend, was reportedly removed this morning. Trend Micro is a Japanese company which reported ¥148 billion (£1 billion) turnover in 2017. It employs nearly 6,000 people worldwide. The security apps are consumer level security apps owned by Trend Micro which were available through the Apple App Store which claims to provide users with a protected environment from which to safely download apps for their Apple devices. Apple says that apps are tested prior to being offered to users in the App Store. Trend Micro declined to even confirm that the apps had been removed from the App Store, but in a statement sent to SC in response to a request for information, the company said: "Trend Micro is aware of a recent scrutiny of some of our consumer applications, including our Dr. Cleaner, a cleanup app that offers Memory Optimization, Disk Cleaning and System Monitoring, and Dr. Antivirus, an antivirus app that protects Mac users from adware and hijack browsers. "We take this situation seriously and are diligently digging into this before sharing additional details. We take data privacy very seriously and will do anything necessary to ensure our customers are protected."
The exfiltration of data from apps was noted by a security researcher who posts on Twitter under the name of @privacyis1st who joined the microblogging site in August 2018 and lists his home country as Germany. He joined forces with security researcher Patrick Wardle at MalwareBytes to dig into the behaviour of an app called Adware Doctor. For clarity, Trend Micro says it does not have anything to do with Adware Doctor. In a blog post, Wardle details the how Adware Doctor exfiltrates data such as browser history from Safari, Chrome and Firefox, a list of all running processes and a list of all software that has been downloaded to the device. Wardle noted that the app developers even had to exploit a flaw in IoS to enable them to access the list of running processes. Adware Doctor downloads personal data from devices, packages it in a zip file and sends to a server based in China, according to Thomas Reed, director of Mac and mobile at MalwareBytes Labs. While there is nothing intrinsically suspicious about sending data to China, he said that it might not be subject to the same legal protections for stored data as personally identifiable information in the US or EU would be. The behaviour of Adware Doctor was very similar to a Trend Micro’s product called Open Any Files which turned out to be uploading data to a TrendMicro.com subdomain, a behaviour that MalwareBytes notes has recently stopped. MalwareBytes then turned its attention to Dr Antivirus and found that it was also uploading data in a zip file to the same TrendMicro.com subdomain as Open Any Files, Reed said. Dr Antivirus also collected a list of installed apps on the device and uploaded that as well. He said that users were not informed of this activity and were not given a way to opt out. An examination of Dr Cleaner found similar behaviour, Reed said, except that it did not collect a list of apps.