Trend Micro on Monday confirmed that some of its applications for Mac collect browser history and send it to the security firm’s servers.
Recent reports revealed that so-called security applications for Mac that are being distributed through Apple’s App Store collected and exfiltrated users’ browsing histories along with some other sensitive information (such as lists of installed apps).
The initial reports focused on Adware Doctor, a $4.99 application that would gather Safari, Chrome, and Firefox browsing history, the list of running processes, and a list of downloaded software. The program was observed sending the harvested data to a server located in China.
Among the other applications that engaged in the collection of browsing history, researchers mentioned Dr. Antivirus and Dr. Cleaner, two programs developed by security software provider Trend Micro.
In a statement regarding these allegations, the company confirmed not only that the two applications collected user data, but also that other Mac apps developed by the company did the same, including Dr Cleaner Pro, Dr. Unarchiver, Dr. Battery, and Duplicate Finder.
The data collection practice, the company says, only targeted “a small snapshot of the browser history on a one-time basis.” Specifically, only the browsing history for the 24 hours prior to the installation were targeted.
“This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service),” Trend Micro claims.
The security firm also points out that users were informed on the collection and use of browser history data, both in the applicable EULAs and at installation, when the user was also prompted to accept the data collection.
The security firm also notes that the browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.
All of the offending applications have been already stripped off the browser history collection capabilities, Trend Micro also says. In addition, the company also claims to have permanently dumped all legacy logs from the US-based AWS servers, including the logs of browser histories that the users permitted at installation (and which was only being held for 3 months).
According to Trend Micro, the presence of the same data collection capabilities across a number of its applications was the result of the use of common code libraries.
“We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected,” the company said.
Related: Mac Apps From Apple’s App Store Steal User Data, Researchers Say