Answers to Your Questions on Our Apps in the Mac App Store


Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false.

Trend Micro has completed an initial investigation of a privacy concern related to some of its macOS consumer products. The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation (see, for example, the Dr Cleaner data collection disclosure here: https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119854.aspx). The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

Trend Micro is taking customer concerns seriously and has decided to remove this browser history collection capability from the products at issue.

Update as of September 10

We apologize to our community for any concern they might have felt and can reassure all that their data is safe and at no point was compromised.

We have taken action and have 3 updates to share with all of you.

First, we have completed the removal of browser collection features across our consumer products in question. Second, we have permanently dumped all legacy logs, which were stored on US-based AWS servers. This includes the one-time 24-hour log of browser history held for 3 months and permitted by users upon install. Third, we believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected.

Update as of September 11

We can confirm this situation is contained to the consumer apps in question. None of the other Trend Micro products, including consumer, small business or enterprise, are known to have ever utilized the browser data collection module or behavior leveraged in these consumer apps.

We’ve always aimed for full transparency concerning our collection and use of customer data and this incident has highlighted an opportunity for further improvement in some areas. To that end, we are currently reviewing and re-verifying the user disclosure, consent processes and posted materials for all Trend Micro products.
