Last week, a report detailed how one of the top paid utility apps on the Mac App Store was quietly stealing the browser history of its users and uploading it to a server in China. Apple was soon to remove the app from the Mac App Store as soon as the news broke but as it turns out, there are more apps on the App Store indulging in the same tactics.
Apps distributed by a developer called “Trend Micro, Inc.” on the App Store have been caught doing the same thing. The apps offered by this developer includes Dr. Unarchiver, Dr. Cleaner, Adware Medic and more.
Similar to Adware Doctor, all apps from Trend Micro required access to a user’s home directory on macOS to work properly. After getting access to the home directory, these apps would then silently created a zip file containing the user’s browsing history from Safari, Chrome, and Firefox which was then uploaded to their servers. They also uploaded a report on the other apps installed in the system.
One of the culprit apps, Dr. Unarchiver, was among the 12 most popular free apps on the US Mac App Store. Soon after the original report caught steam, Apple pulled all the apps in question from the Mac App Store.
The whole point of an App Store is that all apps on the platform are vetted and verified by Apple before they are listed for download. However, Apple seems to have failed to do its job properly here. While users should always be wary of giving home access to apps in macOS, some apps do need access to it to work properly. Apple is making some privacy improvements in macOS Mojave which should prevent apps from stealing a user’s browsing history but given how a company lays so much emphasis on the privacy and security of its users, this should not have happened in the first place.
Perhaps Apple does not care about the Mac App Store as much as the iOS App Store simply because it does not generate as much money for it.