Multiple Trend Micro Apps Pulled From Mac App Store; Tens of iOS Apps Caught Collecting and Selling Location Data

Ahead of Apple's big iPhone event later this week, the company appears to be grappling with a PR problem: Third-party apps on both its desktop and mobile app stores have been caught doing shady stuff. Last week, Apple pulled a top selling app from the App Store, a month after it was alerted about it, but only hours after it started making headlines. Since then, tens of new iOS apps have been caught indulging in a similar offense -- collecting and selling users data such as GPS coordinates, WiFi network IDs and more. Amid all of this, more desktop apps, curiously all from security service provider Trend Micro -- have been caught collecting browser history and information about users' computers. Apple has pulled Trend Micro's apps from the store. Do note that Trend Micro still has some apps -- both for desktop and mobile -- listed on the store. Would be interesting to learn what sort of conversations Trend Micro and Apple have had in the recent days. BleepingComputer: The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all under the developer account Trend Micro, Incorporated. Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9. The first public report of a Trend Micro product in the App Store engaging in shady activities came in late 2017 when user PeterNopSled told Malwarebytes forum members that "that his Mac was taken over by Open Any Files: RAR Support," and it did not let him open Word or Excel files. Trend Micro's privacy and data collection disclosure.

Re:Adware, Trend Micro, AccuWeather, RevealMobile

What's this say for Trend Micro on other platforms? Nobody to notice or chastise them for bad behavior? MS Windows 10 is basically spyware with builtin key logger and all the telemetry. I'm really none too pleased with a lot of Apple's nonsense but they still seem to some how come off as less draconian and evil than the rest of the field.

Trend Micro never had the best engineers

Posting Anonymously. I've reviewed the source code of a few of Trend Micro's products and product lines. Security on their security products was so poor I would describe it as basically missing.

My experience: Companies that do shady things or ignore security on security products tend to have the lowest quality engineers. It's likely a combination of them being cheap, not knowing how to evaluate engineers and good engineers not wanting to work for them. Apple should adopt Steam's approach, ban all apps from companies that pull stuff like this. Companies have to value their reputations and actively create a good reputation.

Re:Trend Micro never had the best engineers

[nbvb]

I'm not posting anonymously, and I agree wholeheartedly. Their code is CRAP. I used to be responsible for a server farm running their Interscan messaging antivirus SMTP products on Unix .... what a trainwreck of software. We had this oddball corporate security policy in place that we would have to quarantine any inbound messages with attachments for 1 hour before letting them through the virus scanner; some executive thought that'd give the AV companies enough time to update their signatures. Anywho... the software was so stupid that after releasing from the quarantine, it would just move it to the top of the queue, hit the quarantine rule, and re-quarantine it. So I had one set of SMTP gateways that would ingest, quarantine and then hand off to the second set that would do the actual scanning. It was atrocious, atrocious code. All written in China, as I recall.

Replaced a couple of racks of Sun gear doing mail handling with a pair of Ironport appliances. Done.

So glad I'm out of the day-to-day IT business ....

Re:Trend Micro never had the best engineers

Apple should adopt Steam's approach, ban all apps from companies that pull stuff like this.

Apple should ban the companies themselves that pull crap like this, PERMANENTLY. All it should take is ONE shady app.

Re:Trend Micro never had the best engineers

[gweihir]

From my experience, this is entirely credible. The things you find in some commercial software are staggering in the incompetence they imply. I agree that a multi-year (at least) ban from the shop for them and related parent and child companies is probably the only thing that will help. There are also high-quality vendors, but these tend to be expensive and often do not sell to the general public. The general public is probably best served with FOSS of good reputation.

Worthless product reviews

[Flexagon]

Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9.

This is why so many product reviews by both users and well-published reviewers are essentially worthless. They might be decent UI and basic functionality reviews, but practically no reviewing source includes a security review. At least Consumer Reports claims they are going to start, though it's long since time that they or others should have started doing so.

Walled Gardens

[Virtucon]

Yes, Walled Gardens were supposed to eliminate this problem. That's what Apple said. They said they can control the quality of the apps and make sure they don't expose sensitive information, obviously their garden has weeds.

Too bad they're in California otherwise we could just use Round-Up to fix it.