Trend Micro apps fiasco generates even more questions

The saga surrounding Trend Micro apps being removed from the Mac App Store for gathering data inappropriately drags on, but the company's latest admission raises even more questions.

In the latest update to its response to allegations that its Mac apps were stealing user data, Trend Micro admitted that it published another banned app -- Open Any Files: RAR Support.

Thomas Reed, director of Mac and mobile at Malwarebytes Labs, had previously found the Open Any Files app -- listed as being developed by Hao Wu -- to be gathering the same data as the Trend Micro apps, transmitting that data to Trend Micro servers and promoting Trend Micro's Dr. Antivirus app, which was one of the six Trend Micro apps banned initially by Apple.

While the cybersecurity company based in Japan did not explain why it did not take ownership of the Open Any Files app before, Trend Micro admitted the app used "the same module" to collect browser history data as the other Trend Micro apps. As such, the company said it would "no longer publish or support this product."

Reed found the admission interesting because Trend Micro had previously described Open Any Files as an affiliate app.

"I'm not sure who Hao Wu is. I had assumed it was someone who was abusing the Trend affiliate program to get paid for referrals to their apps. It's very odd that Trend is now saying that they own that app," Reed said via Twitter direct message. "Why would their own app use App Store affiliate links when linking to other apps they own?"

Reed added that Malwarebytes had found the Open Any Files app to be "very shady" and so he had been tracking it since December.

"[Promoting other Trend Micro apps] was its sole purpose. The other functionality it provided was extremely minimal, and it used [a] trick to get triggered any time the user opened an unfamiliar document type," Reed said. "I'm not entirely sure what the point is. These are all junk apps that are a dime a dozen on the App Store. They really don't provide much -- if any -- value to the user, in my opinion. I suspect the data collection was a primary goal, but that's just a theory."

When questioned about Open Any Files and the other Trend Micro apps, the company refused to answer and instead linked to the updated blog post, noting that it now has an FAQ and "will continue to be updated with other questions and answers."

Reed said the company didn't seem ready to talk about the issues with the Trend Micro apps for Mac, but they should have been because changes to the apps indicated they expected the controversy.

"One thing that is striking is their claim about displaying [an End-User License Agreement] that the user has to agree to. That was not the case in any of our testing, which actually started back in December, and was repeated several times right up to just before publication of our article," Reed said. "Someone on Twitter posted a couple screenshots ... before September 7 and after September 7. Before, no EULA. After, the EULA appeared. They knew this was coming, and their response was to add a EULA rather than remove the data exfiltration code."