More Data-Stealing Apps Yanked from Mac App Store

Mac anti-malware applications and utilities published by cybersecurity company Trend Micro have been removed from the macOS App Store after online allegations that the programs were collecting and exporting user browsing histories to external servers.

The apps include Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery and Duplicate Finder.

Trend Micro denied any wrongdoing Monday in a statement: “[r]eports that Trend Micro is ‘stealing user data’ and sending it to an unidentified server in China are absolutely false.”  

The company claims that the software uploaded only the last 24 hours of browsing history at the time of installation for “security purposes ... to analyze whether a user had recently encountered adware or other threats.” That argument doesn't completely make sense because many Mac adware infections persist for months, and one day's browsing history wouldn't be much help in detecting those. 

The browsing history was uploaded to an Amazon cloud server, which goes against Apple developer rules. It's not clear whether Apple booted the programs or whether Trend Micro voluntarily pulled them out of the App Store.

The Apple move follows last week's removal of an best-selling ad-blocking application, Adware Doctor, from the Mac App Store after it was found to be sending user data to a server in China. More disturbingly, Apple had apparently known of problems with Adware Doctor for a month, but it stayed in the App Store until the issue was publicly disclosed.

"It's blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be," wrote Malwarebytes' Thomas Reed, one of the world's foremost researchers of Apple system security, in a Malwarebytes company blog posting. "I strongly encourage you to treat the App Store just like you would any other download location: as potentially dangerous."

In a separate disclosure, researchers at Sudo Security Group discovered that nearly two dozen iOS apps were recording and selling user location data to marketing companies. The researchers also found about 100 iOS apps issued by U.S. local television stations that contain similar data-monetization code.