Updated! More apps from the Mac App Store have been caught stealing user data.
The other day it was Adware Doctor, and now it's Dr. Archiver & Dr. Cleaner from Trend Micro.
Apps created by a developer named 'Trend Micro, Inc.' have been caught collecting and uploading user browsing data to a server. The issue was reported by a user on the Malwarebytes forum page and in a separate report. It was then followed up by other researchers, who found that this account on the App Store collects and publishes browser history from the Safari, Chrome and Firefox browsers to servers. Information about other apps on your Mac is also collected, and this information is collected at launch of the application.
9to5Mac has seemingly confirmed these reports. They say:
After extracting a zip file with the app, it offered an option to “Quick Clean Junk Files”. Selecting “Scan” launched an open dialog with the home directory selected, this is how the app gets access to a user’s home directory, which it needs in order to collect the history files from browsers. After allowing access to the home directory, the app proceeded to collect the private data and upload it to their servers (we blocked that with a proxy)
Dr Unarchiver was [see update] the 12th most popular app in the US App Store. It's clear this is a massive privacy issue and Apple needs to do something about it. At the time of writing this report, the apps mentioned in this article have been removed from the US and UK App Stores.
The techniques mentioned are similar to what the Adware Doctor application was doing, before it was removed by Apple. If you want to prevent these applications taking your data, never allow them access to your home directory on your Mac.
We recommend that you go through your installed applications on your Mac and uninstall similar applications (that "clean junk"), in case they do the same thing. We will publish a guide to cleaning your Mac soon, and avoiding this cleaner apps.
[Update 1:] The certificate issued for the domain drcleaner.com is registered as Trend Micro, Inc. The domain where the data is uploaded is a subdomain of trendmicro.com, and this confirms the apps are published by Trend Micro.
From September 26 to September 28, you can expect less to no posts on Instagram. To stay up to date with the latest news, we recommend checking our website frequently. We apologize for the inconvenience.