Security Experts:

Connect with us

Hi, what are you looking for?



Trend Micro Admits That Its Mac Apps Collect User Data

Trend Micro on Monday confirmed that some of its applications for Mac collect browser history and send it to the security firm’s servers. 

Trend Micro on Monday confirmed that some of its applications for Mac collect browser history and send it to the security firm’s servers. 

Recent reports revealed that so-called security applications for Mac that are being distributed through Apple’s App Store collected and exfiltrated users’ browsing histories along with some other sensitive information (such as lists of installed apps). 

The initial reports focused on Adware Doctor, a $4.99 application that would gather Safari, Chrome, and Firefox browsing history, the list of running processes, and a list of downloaded software. The program was observed sending the harvested data to a server located in China. 

Among the other applications that engaged in the collection of browsing history, researchers mentioned Dr. Antivirus and Dr. Cleaner, two programs developed by security software provider Trend Micro.

In a statement regarding these allegations, the company confirmed not only that the two applications collected user data, but also that other Mac apps developed by the company did the same, including Dr Cleaner Pro, Dr. Unarchiver, Dr. Battery, and Duplicate Finder.

The data collection practice, the company says, only targeted “a small snapshot of the browser history on a one-time basis.” Specifically, only the browsing history for the 24 hours prior to the installation were targeted. 

“This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service),” Trend Micro claims

The security firm also points out that users were informed on the collection and use of browser history data, both in the applicable EULAs and at installation, when the user was also prompted to accept the data collection. 

The security firm also notes that the browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

All of the offending applications have been already stripped off the browser history collection capabilities, Trend Micro also says. In addition, the company also claims to have permanently dumped all legacy logs from the US-based AWS servers, including the logs of browser histories that the users permitted at installation (and which was only being held for 3 months). 

According to Trend Micro, the presence of the same data collection capabilities across a number of its applications was the result of the use of common code libraries. 

“We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected,” the company said. 

Related: Mac Apps From Apple’s App Store Steal User Data, Researchers Say

Related: Macs Infected With New Monero-Mining Malware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.