Apple removes Mac apps which are stealing user data

Mac App Store apps found stealing user data

Popular Mac app Adware Doctor pulled by Apple after revelation it steals browsing history

The post Answers to Your Questions on Our Apps in the Mac App Store appeared first on. "Adware Doctor contains several methods for collecting a variety of information about the system and user".

Facepalm: After being caught uploading user's browser history to the cloud, Trend Micro has issued an apology. Cleaner, Dr. Unarchiver, Dr. Antivirus, Dr. Battery, and Duplicate Finder, made by Trend Micro, Inc. were investigated by Apple which later removed Dr. Unarchiver and Dr. "After allowing access to the home directory, the app proceeded to collect the private data and upload it to their servers (we blocked that with a proxy)".

Popular applications from the Mac App Store were routinely downloading users' web history, but Apple only took them down when security researchers went public.

Further analysis by security researcher Patrick Wardle showed that Adware Doctor sent the complete browser history from Safari, Chrome, and Firefox.

A number of applications on Apple's Mac App Store are secretly gathering user data and uploading it to analytics servers. Readers must note that in Apple's Top Paid App List, this app was a top grossing application sitting at fifth spot.

Facebook's mobile VPN app Onavo Protect was pulled from the App Store in August after it was accused of using data collected from users for broader analytics purposes.

Thanks to the permissions it has, namely the possibility of accessing browsers, it is consulting and collecting users browsing history.

The takedown comes just days after Privacy First and Wardle found that another App Store security product, AdWare Doctor, was pulled for exhibiting almost the exact same malicious activity. Included in this list were several apps from security firm Trend Micro.

Despite Trend Micro's apology, not everyone in the security community is buying the company's explanations.

Update [September 10, 19:13]: Trend Micro released less than an hour ago a statement denying that its apps were stealing user data.

Other official App Store applications tracked by Reed which are actively exfiltrating user data to the developer's servers include Open Any Files, Dr Antivirus, and Dr Cleaner.

Trend Micro is taking customer concerns seriously and has chose to remove this browser history collection capability from the products at issue. "The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs (end user license agreements) and data collection disclosures accepted by users for each product at installation", it said.

Spyware apps making their way into app stores are not unique, but most are obscure and rarely used.

Apple did not immediately respond to a request for comment.

Reed is telling Mac owners to be wary of unnecessary apps.

Latest News