Multiple Trend Micro Apps Pulled From Mac App Store; Tens of iOS Apps Caught Collecting and Selling Location Data 38
Ahead of Apple's big iPhone event later this week, the company appears to be grappling with a PR problem: Third-party apps on both its desktop and mobile app stores have been caught doing shady stuff. Last week, Apple pulled a top selling app from the App Store, a month after it was alerted about it, but only hours after it started making headlines. Since then, tens of new iOS apps have been caught indulging in a similar offense -- collecting and selling users data such as GPS coordinates, WiFi network IDs and more. Amid all of this, more desktop apps, curiously all from security service provider Trend Micro -- have been caught collecting browser history and information about users' computers. Apple has pulled Trend Micro's apps from the store. Do note that Trend Micro still has some apps -- both for desktop and mobile -- listed on the store. Would be interesting to learn what sort of conversations Trend Micro and Apple have had in the recent days. BleepingComputer: The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all under the developer account Trend Micro, Incorporated. Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9. The first public report of a Trend Micro product in the App Store engaging in shady activities came in late 2017 when user PeterNopSled told Malwarebytes forum members that "that his Mac was taken over by Open Any Files: RAR Support," and it did not let him open Word or Excel files. Trend Micro's privacy and data collection disclosure.
Re: (Score:3, Interesting)
What's this say for Trend Micro on other platforms? Nobody to notice or chastise them for bad behavior? MS Windows 10 is basically spyware with builtin key logger and all the telemetry. I'm really none too pleased with a lot of Apple's nonsense but they still seem to some how come off as less draconian and evil than the rest of the field.
Trend Micro never had the best engineers (Score:5, Interesting)
My experience: Companies that do shady things or ignore security on security products tend to have the lowest quality engineers. It's likely a combination of them being cheap, not knowing how to evaluate engineers and good engineers not wanting to work for them. Apple should adopt Steam's approach, ban all apps from companies that pull stuff like this. Companies have to value their reputations and actively create a good reputation.
Re:Trend Micro never had the best engineers (Score:5, Informative)
I'm not posting anonymously, and I agree wholeheartedly. Their code is CRAP. I used to be responsible for a server farm running their Interscan messaging antivirus SMTP products on Unix .... what a trainwreck of software. We had this oddball corporate security policy in place that we would have to quarantine any inbound messages with attachments for 1 hour before letting them through the virus scanner; some executive thought that'd give the AV companies enough time to update their signatures. Anywho... the software was so stupid that after releasing from the quarantine, it would just move it to the top of the queue, hit the quarantine rule, and re-quarantine it. So I had one set of SMTP gateways that would ingest, quarantine and then hand off to the second set that would do the actual scanning. It was atrocious, atrocious code. All written in China, as I recall.
Replaced a couple of racks of Sun gear doing mail handling with a pair of Ironport appliances. Done.
So glad I'm out of the day-to-day IT business ....
Re: (Score:2, Insightful)
Apple should adopt Steam's approach, ban all apps from companies that pull stuff like this.
Apple should ban the companies themselves that pull crap like this, PERMANENTLY. All it should take is ONE shady app.
Re:Trend Micro never had the best engineers (Score:4, Insightful)
From my experience, this is entirely credible. The things you find in some commercial software are staggering in the incompetence they imply. I agree that a multi-year (at least) ban from the shop for them and related parent and child companies is probably the only thing that will help. There are also high-quality vendors, but these tend to be expensive and often do not sell to the general public. The general public is probably best served with FOSS of good reputation.
Get what you pay for (Score:1)
Got to figure some of this stuff happens because there is very little if any costs for these apps. That probably should be understood as the developer might seek out other means through the app to get data it can sell. Not really anything new, nothings free only you may not realize how your paying.
I read that as (Score:2)
I read that as Dr. Underachiever
Not sure if this is Apple's PR problem? (Score:1, Redundant)
Apple is proactively removing them. Its a small breach, but is "apple cares about your privacy and will boot anyone from the App Store" a bad message? Maybe I'm just cynical and expect bad actors, and expect Apple/Android not being able to catch them all
It's a problem. (Score:2)
We understand that bad actors are going to appear occasionally, but does the general public? And it's not just one or two apps popping up and getting squashed from time to time, it's the reveal that dozens- that we know about- have been running under Apple's radar.
Regardless of how you feel about the walled garden ecosystem, we can agree that the absolute foundation of it is trust. Users trust Apple to do the heavy lifting of reviewing and vetting applications, to provide security and ease-of-use, in exc
Assume Every App Does This (Score:1)
You will never go wrong if you assume everything on your phone is acting in someone else'e best interest.
Same for your PC/tablet, IoT devices, your car if it's fairly new, your credit card and store loyalty cards, your ISP, and probably your dog.
We never should have let data mining become a thing.
Antivirus, Cleaner apps... (Score:1)
Antivirus and cleaner apps are usually as bad as the disease they say they prevent or cure. NO THANKS!
TrendMicro virus has always been a dog that just locks up your machine when it kicks in.
Worthless product reviews (Score:4, Insightful)
Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9.
This is why so many product reviews by both users and well-published reviewers are essentially worthless. They might be decent UI and basic functionality reviews, but practically no reviewing source includes a security review. At least Consumer Reports claims they are going to start [consumerreports.org], though it's long since time that they or others should have started doing so.
Hardly surprising (Score:1)
Great title.. (Score:2)
"Tens of iOS Apps Caught Collecting and Selling Location Data"
I think "dozens" would sound a lot less awkward..
Walled Gardens (Score:4, Insightful)
Yes, Walled Gardens were supposed to eliminate this problem. That's what Apple said. They said they can control the quality of the apps and make sure they don't expose sensitive information, obviously their garden has weeds.
Too bad they're in California otherwise we could just use Round-Up to fix it.