Mac App Store apps caught stealing user data

Adjust Comment Print

The takedown comes just days after Privacy First and Wardle found that another App Store security product, AdWare Doctor, was pulled for exhibiting almost the exact same malicious activity. The apps offered by this developer includes Dr. Unarchiver, Dr.

As a result, Trend Micro states it removed this feature that collected users' browser history.

Now, a week on from that debacle, 9to5Mac reports that Trend Micro apps Dr Unarchiver and Dr Cleaner are doing the same thing.

More news: Papadopoulos: Trump campaign officials 'fully aware' of Putin meeting efforts

This included data from various browsers, separate files dedicated to recent Google searches, and a complete list of all apps installed on the system (including code-signatures, whether they were 64-bit compatible, and information about where they were downloaded from). It exports your entire browser history, along with data from the App Store and other information.

It claims it prevents "malware and malicious files from infecting your Mac" and claims to be one of the best apps to do so.

Mac users who are using the "Adware Doctor" application should uninstall it as soon as possible.

More news: Trump Jr. says father trusts few people after anonymous op-ed

He noted that since Adware Doctor is given universal access by users when it is first run, it is able to access running processes on the Mac by simply working around obstacles that Apple has set in place for security.

"We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion". Apple was soon to remove the app from the Mac App Store as soon as the news broke but as it turns out, there are more apps on the App Store indulging in the same tactics. These apps duped users into giving them access their MacOS home directory with actions like as "Scan for Viruses" or "Clear cache". The collected user data was uploaded to a US-based server hosted by Amazon Web Services and managed by Trend Micro.

The security breaches were reported by researchers Thomas Reed in Malwarebytes Labs, Patrick Wardle of Objective-See and @privacyis1st. This revelation follows similar stories of Mac apps gathering data without permission, and could point to a worrying trend.

More news: IPhone Xr, iPhone Xs And iPhone Xs Plus Might Surface This Wednesday

Apps collect data such as Global Positioning System coordinates, WiFi network IDs and more, and pass all of it to advertising and monetization firms.

Comments