Trend Micro apologises after Mac apps found scooping up users’ browser history

Apparently it’s the users’ fault anyway…

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Trend Micro apologises after Mac apps found scooping up users' browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

However, in an advisory on its blog,the well-known internet security firm maintained that all collected data was “safe and at no point was compromised.”

Furthermore, Trend Micro claims that the data collection was not a secret – as users should have spotted they were agreeing to the data collection when they approved the software’s EULA at installation.

Sign up to our free newsletter.
Security news, advice, and tips.

Yeah, because we all know that users read the license agreement when they install software – right?

In its advisory, Trend Micro confirmed researchers’ findings that products such as Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, Dr Battery, and Duplicate Finder were snaffling users’ browser history, although Trend was at pains to point out that the data collection only occurred once per installation, and did not contain the full browser history:

“[The products] collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service).”

Mac app store The discovery of the apps’ behaviour resulted in them being kicked out of the Mac App Store (for now at least).

In response to concerns and media reports, Trend Micro says that it has now removed the browser data collection code from its affected consumer products, and deleted any legacy data logs.

But it’s the company’s final statement which caught my eye the most:

“Third, we believe we identified a core issue which is humbly the result of the use of common code libraries. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion. This has been corrected.”

In short, Trend Micro says that the code was designed to help the software determine if users had recently encountered online threats – and yet the code was also incorporated into products which were not security-related.

Dr Battery, for instance, is an app that purports to offer real-time monitoring of your Mac’s battery and determine which apps are draining resources the most. Why on earth would that need to take a gander at your browsing history?

It’s a similar story for Dr Unarchiver which – as its name suggests – allows you to browse, access, and extract files within archive formats. Nothing to do with adware, malware, or which websites you’ve been visiting.

Dr unarchiver
Dr Unarchiver

Other software manufacturers should learn a lesson from this incident. Not only should you be sure to get positive agreement from your users as to what private data you may extract from them (and not hide it away in a EULA), but also you need to be careful to not be fattening up your different products with unnecessary code.

Shared code libraries that aren’t actually required by a program to perform its function increase the threat surface, introduce security and privacy vulnerabilities that could impact your customers, and – potentially – give more opportunities for hackers to strike.

For more discussion of this issue, be sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #095: 'British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

3 comments on “Trend Micro apologises after Mac apps found scooping up users’ browser history”

  1. stine the unrighteous

    "Dr Battery, for instance, is an app that purports to offer real-time monitoring of your Mac’s battery and determine which apps are draining resources the most. Why on earth would that need to take a gander at your browsing history?"

    Acutally, this is actually the easiest one to understand. If I download an app who's sole purpose is to see how hot you can get your device before it shuts down, then I'm sure Dr Battery would love to know about this app.

    1. mark jacobs · in reply to stine the unrighteous

      Nah, Dr Battery should keep its nose out, and simply report the drainage

  2. lowbat

    Battery and browsing history could be linked to web miners, if I'm not wrong. Thus eventually helping to identify drains :D

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.