Slashdot Mirror


Multiple Trend Micro Apps Pulled From Mac App Store; Tens of iOS Apps Caught Collecting and Selling Location Data

Ahead of Apple's big iPhone event later this week, the company appears to be grappling with a PR problem: Third-party apps on both its desktop and mobile app stores have been caught doing shady stuff. Last week, Apple pulled a top-selling app from the App Store, a month after it was alerted about it, but only hours after it started making headlines. Since then, tens of new iOS apps have been caught indulging in a similar offense -- collecting and selling users' data such as GPS coordinates, WiFi network IDs and more. Amid all of this, more desktop apps -- curiously all from security service provider Trend Micro -- have been caught collecting browser history and information about users' computers. Apple has pulled Trend Micro's apps from the store. Do note that Trend Micro still has some apps -- both for desktop and mobile -- listed on the store. Would be interesting to learn what sort of conversations Trend Micro and Apple have had in the recent days. BleepingComputer: The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all under the developer account Trend Micro, Incorporated. Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9. The first public report of a Trend Micro product in the App Store engaging in shady activities came in late 2017 when user PeterNopSled told Malwarebytes forum members that "his Mac was taken over by Open Any Files: RAR Support," and it did not let him open Word or Excel files. Trend Micro's privacy and data collection disclosure.

38 comments

  1. Still better than Android by Anonymous Coward · · Score: 0

    But not by enough to put the Apple smugness on display.

    1. Re: Still better than Android by Anonymous Coward · · Score: 0

      On Android, if the app is requesting location says, it asks for permission.

      Even asking for wifi state automatically adds in a location permission because you can use the WiFi triangulation technique.

      So if users were happy with their service and didn't mind giving out their location, why are you stopping them?

    2. Re: Still better than Android by Anonymous Coward · · Score: 0

      https://techcrunch.com/2017/11/21/android-devices-seen-covertly-sending-location-data-to-google/

  2. Re:Adware, Trend Micro, AccuWeather, RevealMobile by Anonymous Coward · · Score: 3, Interesting

    What's this say for Trend Micro on other platforms? Nobody to notice or chastise them for bad behavior? MS Windows 10 is basically spyware with built-in key logger and all the telemetry. I'm really none too pleased with a lot of Apple's nonsense but they still seem to somehow come off as less draconian and evil than the rest of the field.

  3. Trend Micro never had the best engineers by Anonymous Coward · · Score: 5, Interesting

    Posting Anonymously. I've reviewed the source code of a few of Trend Micro's products and product lines. Security on their security products was so poor I would describe it as basically missing.

    My experience: Companies that do shady things or ignore security on security products tend to have the lowest quality engineers. It's likely a combination of them being cheap, not knowing how to evaluate engineers and good engineers not wanting to work for them. Apple should adopt Steam's approach, ban all apps from companies that pull stuff like this. Companies have to value their reputations and actively create a good reputation.

    1. Re:Trend Micro never had the best engineers by nbvb · · Score: 4, Informative

      I'm not posting anonymously, and I agree wholeheartedly. Their code is CRAP. I used to be responsible for a server farm running their Interscan messaging antivirus SMTP products on Unix .... what a trainwreck of software. We had this oddball corporate security policy in place that we would have to quarantine any inbound messages with attachments for 1 hour before letting them through the virus scanner; some executive thought that'd give the AV companies enough time to update their signatures. Anywho... the software was so stupid that after releasing from the quarantine, it would just move it to the top of the queue, hit the quarantine rule, and re-quarantine it. So I had one set of SMTP gateways that would ingest, quarantine and then hand off to the second set that would do the actual scanning. It was atrocious, atrocious code. All written in China, as I recall.

      Replaced a couple of racks of Sun gear doing mail handling with a pair of Ironport appliances. Done.

      So glad I'm out of the day-to-day IT business ....

    2. Re:Trend Micro never had the best engineers by Anonymous Coward · · Score: 2, Insightful

      Apple should adopt Steam's approach, ban all apps from companies that pull stuff like this.

      Apple should ban the companies themselves that pull crap like this, PERMANENTLY. All it should take is ONE shady app.

    3. Re:Trend Micro never had the best engineers by gweihir · · Score: 3, Insightful

      From my experience, this is entirely credible. The things you find in some commercial software are staggering in the incompetence they imply. I agree that a multi-year (at least) ban from the shop for them and related parent and child companies is probably the only thing that will help. There are also high-quality vendors, but these tend to be expensive and often do not sell to the general public. The general public is probably best served with FOSS of good reputation.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

    4. Re:Trend Micro never had the best engineers by Anonymous Coward · · Score: 0

      Right. They just let random Joe Schmoe who doesn't live anywhere near China review their code. Sure.

    5. Re:Trend Micro never had the best engineers by Anonymous Coward · · Score: 0

      Posting as AC is a tactic people-in-the-know can use to avoid any kind of heavy-handed corporate punishment when disclosing unpleasant truths.

    6. Re:Trend Micro never had the best engineers by Anonymous Coward · · Score: 0

      Right. Apple should ban all software but its own. That'll teach 'em.

    7. Re:Trend Micro never had the best engineers by Anonymous Coward · · Score: 0

      Does that include Trend Micro's Android mobile security?
      It's quiet and unobtrusive, seems to just do its job, I hope it's not doing other jobs at the same time.

  4. Get what you pay for by Anonymous Coward · · Score: 1

    Got to figure some of this stuff happens because there is very little if any costs for these apps. That probably should be understood as the developer might seek out other means through the app to get data it can sell. Not really anything new, nothing's free, only you may not realize how you're paying.

  5. I read that as by Caesar+Tjalbo · · Score: 1

    The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver,

    I read that as Dr. Underachiever

    --
    "I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."

  6. Not sure if this is Apple's PR problem? by cant_get_a_good_nick · · Score: 0, Redundant

    Apple is proactively removing them. It's a small breach, but is "Apple cares about your privacy and will boot anyone from the App Store" a bad message? Maybe I'm just cynical and expect bad actors, and expect Apple/Android not being able to catch them all.

  7. Assume Every App Does This by Anonymous Coward · · Score: 1

    You will never go wrong if you assume everything on your phone is acting in someone else's best interest.

    Same for your PC/tablet, IoT devices, your car if it's fairly new, your credit card and store loyalty cards, your ISP, and probably your dog.

    We never should have let data mining become a thing.

  8. It's only ok if WE are doing it. by Anonymous Coward · · Score: 0

    Facebook, Google, Microsoft, Apple, collect as much as they want. If someone else does it, bad!

    1. Re:It's only ok if WE are doing it. by Anonymous Coward · · Score: 0

      Real problem was that Apple did not get their cut. When Trend Micro agrees to give 30% of the spyware business income, Apple will happily accept them back. And give them some free "featured & recommended by Apple" campaigns.

  9. Antivirus, Cleaner apps... by Anonymous Coward · · Score: 1

    Antivirus and cleaner apps are usually as bad as the disease they say they prevent or cure. NO THANKS!

    TrendMicro virus has always been a dog that just locks up your machine when it kicks in.

  10. Worthless product reviews by Flexagon · · Score: 3, Insightful

    Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9.

    This is why so many product reviews by both users and well-published reviewers are essentially worthless. They might be decent UI and basic functionality reviews, but practically no reviewing source includes a security review. At least Consumer Reports claims they are going to start, though it's long since time that they or others should have started doing so.

  11. There goes the advantage of the walled garden by Anonymous Coward · · Score: 0

    iPhones leaking data as any bona fide el cheapo Chinese Android.

  12. seriously, what is the right alternative by Anonymous Coward · · Score: 0

    Trend Micro is not free.
    The fact that they do this has me calling my lawyer and looking at a GDPR request.
    What is the best anti-virus alternative?

  13. Back after a little rebranding... by Anonymous Coward · · Score: 0

    Dr. ItsAVirus, Dr. Clean-err, Dr. Underachiever.

  14. Like locking the barn door... by Anonymous Coward · · Score: 0

    after the horse's data has leaked out.

  15. Hardly surprising by Anonymous Coward · · Score: 1

    Anti-virus vendors are the source of the majority of the world's computer viruses. How else do you think they stay in business?

  16. Dr underachiever by Anonymous Coward · · Score: 0

    Anyone else see that and read it wrong?

  17. Seriously! by Anonymous Coward · · Score: 0

    What a fucking joke Apple is.
    All their lies and bullshit about the most secure operating system ever.

  18. Great title.. by Vegan+Cyclist · · Score: 1

    "Tens of iOS Apps Caught Collecting and Selling Location Data"

    I think "dozens" would sound a lot less awkward..

    1. Re:Great title.. by Anonymous Coward · · Score: 0

      I think it would be more impressive expressed as a number of fours, cos that would be 3 times as many as a dozen.

  19. Walled Gardens by Virtucon · · Score: 3, Insightful

    Yes, Walled Gardens were supposed to eliminate this problem. That's what Apple said. They said they can control the quality of the apps and make sure they don't expose sensitive information, obviously their garden has weeds.

    Too bad they're in California otherwise we could just use Round-Up to fix it.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"

  20. The Big 3 by Anonymous Coward · · Score: 0

    In my experience as a residential/business technician for over a decade, The Big 3 (as I like to call them) are the best 3 you could possibly use to "get" infections, and slow down your PC to a crawl in the process. It seems that going "public" is one way to destroy a security product, i.e. marketing rulez.

    The pure FUD that gets in your face at each turn with those products is the reason I loathe them the 2nd most, the most being they require removal tools to uninstall...

    Their products are the purest form of garbage that preys on the weak. I always uninstall them and let Defender do an equivocally weak as piss shit job, make sure the "perpetual" cc payments are stopped, install uBlock Origin and other cool extensions, educate the customer about (emails, web) phishing, then fuck off never to hear back from them about infections again; they get me back for many other things for sure, networking, printers etc but you get the point.

    Trend, McAfee, Norton. Fuck you!

  21. One shady app is still in the top 100 by Anonymous Coward · · Score: 0

    HotspotShield is selling the user-data to anybody who wants it, they have better data than your internet provider because it is tied to a device and includes location data. Read the privacy policy of Anchorfree and you will see that they are allowed to do that, but who reads the TOS?

  22. Amazon app store - Worst of the lot by Anonymous Coward · · Score: 0

    Amazon likely needs a lot of attention right now on its app store for basically trying to get all the apps on its store and not really give a d*amn what is going on in the app itself. A cesspool of apps.

    At least Apple and Google are being proactive about this - Amazon? Nope, nada.

  23. Dr. Antivirus, Dr. Cleaner, by Anonymous Coward · · Score: 0

    Why in hell would someone need Dr. Antivirus, Dr. Cleaner on an Apple product anyway?

  24. It's a problem. by SolemnLord · · Score: 1

    We understand that bad actors are going to appear occasionally, but does the general public? And it's not just one or two apps popping up and getting squashed from time to time, it's the reveal that dozens -- that we know about -- have been running under Apple's radar.

    Regardless of how you feel about the walled garden ecosystem, we can agree that the absolute foundation of it is trust. Users trust Apple to do the heavy lifting of reviewing and vetting applications, to provide security and ease-of-use, in exchange for freedom. If that trust is breached, what good is sticking around? If I can't trust Apple in its own app store, why should I trust it with iCloud, or Keychain, or any of its other services?

    Services, it must be pointed out, that are both Apple's fastest-growing money maker, and vital to keeping the iDevice experience "sticky".

    I remember hearing that after a bad experience with a car consumers would avoid and mistrust that manufacturer for, on average, ten years. I doubt electronics are that drastic, but losing customers' trust for years is something Apple can't afford, especially since it's worked hard to differentiate itself from the other big five on issues of privacy and trust.

    So yeah, it's a problem.