The supposed customer-protective Apple Mac Store is carrying some dangerous tracking apps. As highlighted by several researchers separately, many of the famous Mac App Store apps steal user data – a clear violation of Apple’s user privacy slogan. Most of these apps appear as legit apps for system cleanup, adblocking, antivirus, or simply, office apps.
Several Mac App Store Apps Steal User Data
As per a recent report from Malwarebytes Labs, at least four different Mac App Store apps are secretly pilfering your data. Precisely, they are exfiltrating your data, where the information is transmitted to servers controlled by the app developer. Since these apps appear legit, they easily trick the users to download them and allow all permissions as asked. In fact, these apps also include one of the top-rated applications on the Mac App Store.
Thomas Reed from Malwarebytes Labs stated in his blog, that several researchers have discovered different apps practicing this data exfiltration. In most cases, the apps send the data to some Chinese servers that may not be secure for data storage and protection. He named four different apps in his report, namely, Adware Doctor, Open Any Files: RAR Support, Dr. Antivirus, and Dr. Cleaner.
These apps, upon installation, ask explicit permissions for accessing various data on the user’s device. This includes everything from browser history, running processes, lists of downloaded software, and the details of apps present on the device.
Apps Link Back To The Same Origin
As highlighted by Thomas Reed in his article, most apps he mentioned reportedly belonged to the same developer. He states in the blog,
“We found that the drcleaner[dot]com website was being used to promote these apps. WHOIS records identified an individual living in China, and having a foxmail.com email address, as being the registered owner of the domain.”
While Reed didn’t name any specific firm to back these apps, Privacy1st, a security researcher who first pinpointed the shady practices of Adware Doctor, confirmed that the other apps belong to Trend Micro – a (Chinese?) cybersecurity firm.
hey @TrendMicro nice way of doing dodgy business… exfiltrating user data with Open any Files and Dr. Cleaner… I ask myself why a company such as TrendMicro is registering the domain of Dr. Cleaner at a private person in China? Just curious…
— Privacy 1st (@privacyis1st) September 7, 2018
After going through his tweets, LHN also thought to dig a little deeper. So, we counterchecked the website Dr.Cleaner.com. Indeed, it appears to be a legit website by the Trend Micro company, mentioning quite a few Trend Micro products. However, we could not find any RAR support associated with it. On the Mac Store as well, the app listed “Hao Wu” as the developer instead of Trend Micro.
Apple Already Taking Down Data Tracking Apps
Apple has recently made its app store policies more strict for the developers. Focusing specifically towards user privacy and data protection, Apple has begun banning apps that contradict with its policies. This even includes Facebook’s Onavo VPN. Moreover, it is also making it mandatory for all apps to have a clear privacy policy. However, considering Reed’s statement about the fact that the malicious apps keep entering the App Store despite complaints, Apple seemingly needs to improvise its app review process.
Apple has reportedly taken down Adware Doctor from the app store after all the reports, we shall wait to see when Apple removes the other Mac App Store apps that exfiltrate data.