Popular Mac App Store Utilities Caught Siphoning User Data

Security researchers have uncovered a number of applications in Apple’s Mac App Store that are apparently sending sensitive user data back to their own servers.

The apps include some that are among the most popular on the US Mac App Store.

Several researchers uncovered the apps independently, finding that they were collecting and transmitting data including complete browsing histories and detailed information on the applications installed on a system.

Apple places restrictions on the system information that can be accessed by software on the Mac App Store, but researchers said the apps were able to get around these blocks.

Browsing history

Researcher Patrick Wardle said an app called Adware Doctor was collecting browsing histories from Safari, Chrome and Firefox as well as a list of all running processes.

The app also collects a list of what applications are installed on the system and where they originated, Wardle said.

“Most of this is data that App Store apps should not be accessing, much less exfiltrating,” wrote Thomas Reed of Malwarebytes in an advisory.

Reed said the app has gone by other names in the past and is a copy of an adware-scanning tool he himself had developed.

“We’ve continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple’s review process, is always replaced by a new version before long,” Reed wrote.

Adware Doctor

Wardle said Adware Doctor was the fourth-highest grossing paid application on the App Store, and topped the category of paid utilities.

Reed said similar data-collecting behaviour had been observed from other popular apps, including Dr. Antivirus, Dr. Cleaner, and a scam application called Open Any Files: RAR Support, which promotes third-party antivirus software.

Some of the applications in question, namely Dr. Cleaner, Dr. Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder, are made by well-known antivirus firm Trend Micro, which denied user data had been compromised.

Trend said certain applications collected a one-off snapshot of users’ browser histories to determine whether they had recently encountered a known malicious website. The data was sent to a US-based server controlled by Trend, the company said.

It said it had decided to remove the browser history collection feature and had erased all the browser history data it had stored from previous collections. Browser data was previously stored for three months.

“The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation,” Trend said in a statement.

“We apologise to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised.”

App Store security

Researchers noted that insecure applications appeared to be repeatedly getting around Apple’s vetting process for the App Store.

“The Mac App Store is not the safe haven of reputable software that Apple wants it to be,” wrote Malwarebytes’ Reed. “These issues reveal a depth to the problem that most people are unaware of.”

He advised that users treat the App Store as they would any other download source, and exercise caution with software they acquire from it.

Apple did not immediately respond to a request for comment.

Researchers said that the spying apps had been removed from the Mac App Store following the publication of their advisories.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
