Apple removes top anti-malware apps from its store for “stealing data”

Apple removes top anti-malware apps from its store for "stealing data"

Adware Doctor and Trend Micro Apps have been kicked out by Apple.

Apple Inc. has always propagated its products as designed with most advanced security and privacy practices. The company has also promoted itself as the only firm that prioritizes and safeguards user privacy. The iOS and Mac App Stores are referred to as the primary examples of this strategy.

It is indeed true that Apple’s devices are deemed far more reliable in certain situations such as where users are tricked into downloading infected or compromised software from third-party sources. Apple’s Mac App Store only offers reliable, certified, and authentic software that substantially prevents such situations.

Adware Doctor app removed

However, a researcher using the alias Privacy 1st has released a PoC (proof-of-concept) video describing the suspicious behavior of the security scanning app Adware Doctor. This app ranks number four on the top paid apps list on the Mac App Store.

After the researcher released the PoC, Mac security researchers Thomas Reed from Malwarebytes and Digita Security’s Patrick Wardle also examined the issue on their own. It was identified that the app collects user data including browser history, and information about other software and processes that run on the device. The app then stores the acquired information in a locked file and gradually transfers it to a server located in China. These actions violate the developer guidelines of the Apple App Store.

According to Privacy 1st, Apple Inc. was notified about the issue but the app still featured on the list of top utilities and top paid apps when he last checked.

The app is supposed to prevent infected files from affecting the Mac but it is actually sneakily stealing the device’s browsing history and also transmitting it to unknown servers. The app clearly is violating the iPhone maker’s sandboxing features by obtaining browsing history from Safari, Chrome, and Firefox. As explained by Wardle:

“Now, an anti-malware or anti-adware tool is going to need legitimate access to user’s files and directories — for example to scan them for malicious code. However, once the user has clicked ‘Allow,’ since Adware Doctor requested permission to the user’s home directory, it will have carte blanche access to all the user’s files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file it so chooses!”

That’s why security researchers are of the opinion that the app is violating the Apple App Store guidelines. It has been a month since Apple was notified but the company has taken steps to remove the app from the store only now after the researchers brought the matter to public attention. The good news is that Apple has finally removed the shady app from its App Store.

Three Trend Micro apps removed

Trend Micro is a Japanese cyber security giant. The company has offices in Asia, Europe, and the Americas while its anti-malware solutions are being used by millions of users around the globe. However, on September 11, Apple removed three security apps from its Mac app store for “stealing user data and sending them to an unidentified server in China.”

All three apps were developed by Trend Micro. The company has also confirmed the development, but, in their blog post; the security giant has rubbished reports claiming that its apps were stealing data and sending it to China. However, after conducting an investigation the company confirmed that some of its did collect user data for “security purposes” and uploaded to a US-based server hosted by AWS and managed/controlled by Trend Micro.

“Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products. The results confirm that Dr. Cleaner, Dr. Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation,” said Trend Micro in its blog post.

“This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The potential collection and use of browser history data was explicitly disclosed in the applicable EULA and data collection disclosures accepted by users for each product at installation,” the company explained.

Trend Micro has also claimed that it has removed the browser collection features across its consumer products in question and the data that was collected including legacy logs and browser history has been permanently dumped.

Related Posts