Some of the Mac App Store's biggest security apps found spying on users' browsing habits
Popular MacOS security apps taken down following claims they exfiltrate user data to China
A number of security apps for the Apple Mac, offered via Apple's curated Mac App Store, have been taken down after it was found that they were spying on users' web browsing habits.
Apps by the name of Dr Unarchiver, Dr Cleaner, Adware Medic, Adware Doctor and App Uninstall have all been removed - with the finger of blame for some of them being pointed at security giant Trend Micro. The apps were some of the most popular apps available in the Mac App Store, too, with Adware Doctor also available as a paid-for version for $4.99.
All the apps work in much the same way: first, they trick the user into granting them access to the MacOS home directory by offering virus scanning and clear cache options. Once access is granted, the apps abuse these privileges to gather browser-history data from Chrome, Firefox and Safari and covertly send it back to a server in China.
The insecure security apps were identified by a security researcher in Germany, tweeting under the @privacyis1st moniker, who noted that Adware Doctor - attributed to an individual or company called Yongming Zhang, which is also the name of an infamous Chinese serial killer - and the Trend Micro apps that have been implicated both exfiltrate data to the same IP address in China.
Data uploaded to the system by Trend Micro's Dr Unarchiver was found by 9to5Mac to include browser data, as well as a separate file containing Google searches and a complete list of all the apps installed rivalling the not-so-good doctor for attention. Before being pulled from the store, it was the 12th most popular free app in the American Mac App Store.
However, there is some evidence that this isn't the first time that Apple has been notified about these apps' behaviour. One Twitter user claims that they first notified Apple last year, while app developer and blogger Patrick Wardle claims in a blog post that the insecurities may even go back as far as 2016.
"Reading up on Adware Doctor we find it has a rather unscrupulous history. In 2016 it was shown that the application was (ab)using AppleScript in an apparent attempt to perform elevated actions (in violation of Apple's App Store Guidelines)," wrote Wardle.
In addition, claims Wardle, "the stellar reviews are bestowed upon Adware Doctor (and other applications by the same developer), are likely fake", with the app enjoying an unlikely level of five-star reviews.