Popular Mac apps caught stealing and sharing users’ browser history

Update: We got in contact with Trend Micro , and the company has provided the following statement: "Trend Micro is aware of a recent scrutiny of some of our consumer applications, including our Dr. Cleaner, a cleanup app that offers Memory Optimization, Disk Cleaning and System Monitoring, and Dr. Antivirus, an antivirus app that protects Mac users from adware and hijack browsers. We take this situation seriously and are diligently digging into this before sharing additional details. We take data privacy very seriously and will do anything necessary to ensure our customers are protected."

Original story continues...

It’s emerged that a number of apps from the Mac App Store have been secretly gathering user data and uploading it to remote servers.

What’s particularly worrying is that these apps, which come from a developer that claims to be 'Trend Micro, Inc.', are very popular, often appearing high in the App Store’s free software charts.

Trend Micro, Inc is a well-known name in virus protection, so users could be forgiven for thinking that downloading an app from the company would be safe. We’re trying to contact the company to verify its origins.

The apps in question include Dr. Unarchiver and Dr. Cleaner, and were billed as apps that could help protect and clean up your Mac, or be used to open archived files.

Instead, it appears the apps, which are installed with access to the home directory on macOS, would gather data from the Mac as a zip file and upload it to the developer’s servers.

Sharing is uncaring

According to reports on the Malwarebytes forum, the apps collected browsing history from Safari, Chrome and Firefox web browsers, as well as information about which apps have been installed on the Mac. The user is not alerted to this data gathering.

The 9to5mac.com website, which has reported on the issue, tried out one of the apps, Dr. Unarchiver, and confirmed that it was indeed collecting data from the home directory of the Mac it was installed on.

On using the app, 9to5mac.com found it had created a zip file which, when opened, contained browser history, Google search information, and a “file containing a complete list of all apps installed on the system, including information about where they were downloaded from, whether they are 64-bit compatible and their code signature”.

At no point did the app ask permission or inform the user that it was collecting this data. What’s really worrying is that if these apps have access to the home directory they could potentially gather even more personal data without consent.

The apps have now been removed from the Mac App Store, but if you have previously installed these apps, you should uninstall them straight away. This revelation follows similar stories of Mac apps gathering data without permission, and could point to a worrying trend.

Macs have a reputation for having better security than Windows machines, mainly thanks to the Mac App Store, and Apple’s supposedly stringent rules for allowing apps to be included there. If more apps are found to be covertly gathering user data, however, this reputation could be at risk.

Matt Hanson
Managing Editor, Core Tech

Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. Ever since he got an Amiga A500+ for Christmas in 1991, he's loved using (and playing on) computers, and will talk endlessly about how The Secret of Monkey Island is the best game ever made.