BY ADAM SMITH, mashable.com
This isn’t good.
A number of applications on Apple’s Mac App Store are secretly gathering user data and uploading it to analytics servers.
Popular applications including Dr. Unarchiver, Dr. Cleaner, and others distributed by developer “Trend Micro, Inc.” collect and upload the user’s browser history from Safari, Google Chrome, and Firefox onto their servers via access to the macOS home directory.
These rogue apps will also collect data from other apps installed on the system, all of which is gathered the moment you launch them, according to 9to5Mac. The issue was originally spotted by a user on the Malwarebytes forum.
The reports were confirmed by 9to5Mac when, after downloading the Dr. Unarchiver application and making it scan the home directory to “Quick Clean Junk Files,” the app proceeded to collect reams of unnecessary information.
This included data from various browsers, separate files dedicated to recent Google searches, and a complete list of all apps installed on the system (including code-signatures, whether they were 64-bit compatible, and information about where they were downloaded from).
At the time of the investigation, Dr. Unarchiver was the 12th most popular free app in the US Mac App Store, but it has since been pulled from the storefront.
While macOS Mojave is set to improve security with regards to applications accessing the home directory, the store’s review process should have picked up on this infringement of user security and not allowed the applications onto the Mac App Store. Furthermore, since Apple’s more stringent approach to applications, at least in comparison to Google’s more lenient approach, exist to provide greater security, this news tarnishes the tech giant’s reputation.
This news comes after the revelation that another popular application, Adware Doctor, on Apple’s Mac App Store was secretly spyware that sent your browser history to China. Before it was removed, the $4.99 Adware Doctor ranked as the fifth top paid app on Apple’s official store. The application had received over 6,000 five-star reviews, but it is unclear (and doubtful) that the positive ratings were genuine.