Apple takes down Trend Micro Mac apps that collected, stored user data


At the time of the investigation, Dr. Unarchiver was the 12th most popular free app in the US Mac App Store, but it has since been pulled from the storefront.

But sometimes these ratings fail, as happened in the case of Adware Doctor app. Users will undoubtably be frustrated that their online privacy was violated and that possibly identifiable information was sent and stored in Trend Micro's server. The apps in question later collected browsing data as well as data of the apps installed on the system, made a zip file of the information and sent it to the developer's server. In fact, the Dr Cleaner and Dr Antivirus products were named alongside AdWare Doctor as bad actors in the initial PrivacyFirst report on the matter. Also, the researcher did not have a chance to look closer into this, but from his experience with analyzing APT malware, this looks like a valid theory.

Adware Doctor and Komros Adware Cleaner (same developer behind them), Open Any Files and Adblock Master relied on the same technique to lift the information from users.

What's interesting about this incident is that it's rare to find malicious apps slipping through Apple's strict security criteria when it comes to what users can download in the app store.

The well-known security app, of course, Adware Doctor is one of the most widely used and well-known security applications on macOS, dedicated to detecting and eliminating malware and other security issues. We have learned that browser collection functionality was designed in common across a few of our applications and then deployed the same way for both security-oriented as well as the non-security oriented apps such as the ones in discussion.

Security firm Trend Micro has apologized after several of its consumer macOS anti-malware products and utilities were discovered to be capturing the notebook's browser history data and sending it to a remote server.

"This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)", Trend Micro explains, adding that the data was uploaded to a server in the United States on Amazon Web Services, not in China. "Cleaner, a cleanup app that offers Memory Optimisation, Disk Cleaning and System Monitoring, and Dr. Antivirus, an antivirus app that protects Mac users from adware and hijack browsers".