Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

Re: Oh well, no worries

It's not time for an apocalypse, but definitely time for another tech economy collapse. As before, marketing is transforming from a tool to a product. It's an expensive infrastructure promising money for businesses while producing nothing at all for customers.

Re: Oh well, no worries

"Is there something we should know?"

Yes, that this sort of behavior from that group isn't remotely new. I think it's just a common thing that happens when that flavor of sociopath gets too much money too fast.

Re: Oh well, no worries

We don't want them and we changed the law to keep them out.

Re: VW-ing (cheating) the App-Store screening?

If smartphone makers do it all the time with benchmarking apps and mega corps like Volkswagen, why not? Security firms regularly report malware dormancy as a stealth tactic. Apple aren't immune, so specially targeting their Labs makes sense.

Re: VW-ing (cheating) the App-Store screening?

Could Trend Micro have coded the apps to detect when they are being tested by Apple and not do the data slurp?

More likely Apple does the test on a clean VM, so no data to slurp.

Re: VW-ing (cheating) the App-Store screening?

"Could Trend Micro have coded the apps to detect when they are being tested by Apple and not do the data slurp?"

Uber turned some anti-privacy features off if they found that your phone was in or near Cupertino, where the reviews are done.

"I'm sure Apple made copies of all URL traffic for their own records."

You obviously mean while testing the app, using a device that is owned by Apple, and the application submitted for review by some company, they will make copies of all URL traffic for their own records? Quite possible. More possible that they will do it in the future. Very possible that they will modify their phones they use for testing to not report "Cupertino" as their location, but some random place in the world.

If you mean traffic on my Mac while I use it: Don't be f***ing ridiculous.

Re: Security purposes?

Asus routers are also known to send data to Trend Micro:

https://www.computerworld.com/article/3194843/internet/asus-router-warnings-on-privacy-and-security.html

Re: Security purposes?

Well I can SORT of see why... I mean, installing an antivirus product could often be in response to something that made you think you needed it. Weird browser behaviour, unrequested downloads, pop-ups, that kind of thing. And of course, once they know what the most prevalent trigger is, they can make sure to deploy that more widely in order to increase the general level of paranoia and thus sell more product.

Re: 1 - 2 - 3 - Not it!

> It's in the EULA that you didn't read.

But did Apple’s reviewer read this EULA for us?

Re: 1 - 2 - 3 - Not it!

>Not our fault. Your fault.

Correct. And that's not a lesson that's likely to be forgotten or which will engender gratitude from the learners.

Open source. No Cloud.

Re: 1 - 2 - 3 - Not it!

"It's in the EULA that you didn't read."

Actually, if your app is on the app store, it must also follow the rules of Apple's default EULA. And if you were hiding that it was violating the app store rules (which Trend Micro probably did), Apple can refund all the customers and ask Trend Micro back for the money. For the complete 100% of the purchase price, not the 70% that Trend Micro received.

Re: 1 - 2 - 3 - Not it!

"It's in the EULA that you didn't read."

And if you try that on an EU resident with the boxes pre-ticked you're lining your company up for fines of 4% of global turnover. Could that be why it's been withdrawn?

Re: GDPR?

"So do an Europeans affected by this have any rights to redress under GDPR?"

They have right to register complaints with the appropriate regulator which could lead to large fines (maybe even 4% of Apple's turnover if they were held to have responsibility). Not the sort of redress you might have been thinking of but there could be accommodation to be reached if you were prepared to withdraw the complaint.

As this sort of thing works its way into corporate conciousness I think the operators of app stores are likely to tighten up to avoid the risk of vicarious liability.

Re: It wouldnt be a Trend Micro product otherwise

I've seen it used as well. The version that we had had a scan scheduled every week during the middle of the afternoon on Wednesday, when you were working. The software would courteously ask you to confirm the scan, with the option to delay it. Nice and respectful, no? No, not really, because the delay function didn't work all that well, and would sometimes delay all the way until you logged in on Thursday morning, when it wouldn't ask you but would just cheerfully scan everything with the accompanying lag in performance. And because whatever group was responsible for scheduling the original scan for when people were working, most users would go with the only guaranteed way of continuing to be productive: clicking the "skip this scan" button every single Wednesday.

Re: It wouldnt be a Trend Micro product otherwise

I recently had the misfortune of looking at an ex-company PC that the owner of the company, a friend of the in laws, wanted to use as a home desktop.

It had Trend Micro on it, which was causing slowdown and had a policy of locking out access to USB drives.

I'll uninstall I thought, but it needed a password which was set when it was installed. Which could be circumvented via a registry key. Which was locked until you disabled the service on startup.

Even after uninstalling it would not allow USB key access, in the end I had to do a system restore and grab the likes of malwarebytes off ninite.

Though I've worked in places where usage logs of the product are sent 'home', such that if a failure is reported the actions up until that point can be traced.