Multiple popular Mac applications distributed on the App Store collect user data and send them to external servers



It turned out that one of the applications provided for the Mac in the App Store gathers user data such as browser history without user's permission and sends it to the server in China, and it has become one riot . In addition, as a developer, "Trend Micro, Inc." (Trend Micro) and credit-written application " Dr. Unarchiver " are also distributed on the App Store, and it is clear that they are collecting user data without permission I will.

Objective-See's Blog
https://objective-see.com/blog/blog_0x37.html

Patrick Wardle, a former NSA technician who currently operates security countermeasure company Digita Security, said that the paid application " Adware Doctor " provided in the App Store will update browsing history of browsers such as Safari, Google Chrome, Firefox We collected it without user's permission and sent it to the server in China.

Adware Doctor is an application that can easily delete caching of browsers such as Safari, but it asks the access right to the history in order to delete the browser history, collects the history data if it is permitted, delete "adscan. yelabapp.com "to the server in China. The credit of Adware Doctor developer is "YONGMING ZHANG".



It is said that the collected data was encrypted.



The hash of the signature information obtained from the plaintext data obtained by decrypting the data in memory matched the list of adware information, Mr. Wardle said.



In addition, even before Mr. Wardle's accusation, there was a user's point that "Adware Doctor is stealing personal information." A security researcher named Privacy 1st found and warned that Adware Doctor has a function to bypass sandboxing of Mac applications as well as sending browser histories but also to acquire data.


Privacy 1st says John Maxx has released Adware Doctor's stolen data on YouTube.

ALERT: ADWARE DOCTOR STEALING YOUR INFORMATION MAC APPSTORE - YouTube


When Mr. Youdle's warning got bigger than a month after Mr. Privacy 1st's accusation, Apple deletes it from the App Store due to Adware Doctor committing violation of the App Store. However, concerning Apple's correspondence, it is criticized as having been left untreated despite being pointed out the danger of the application.


In addition to Adware Doctor, suspicion of collecting user data is also raised in applications distributed on the App Store called "Dr. Unarchiver".

Like Dr. Unarchiver, like Adware Doctor, it collects user's browser history and sends it to an external server. Also, unlike Adware Doctor, it collects information related to other installed applications.

John Maxx has released a movie about Dr. Unarchiver's data collection as well.

TrendMicro is acting dirty stealing users privacy - Vimeo -


9 to 5 Mac verified that Dr. Unarchiver knows to collect Safari · Chrome · Firefox browser history, recent Google search data, list of installed applications on the system.

Dr. Unarchiver asked for permission desiring to collect garbage data called "Junk Files", and when the user agreed, they gathered data suddenly.



The collected Safari's access history looks like this.



Privacy 1st asking for developer's "Trend Micro" about Dr. Unarchiver's work Privacy 1st.


About the question of "Is the developer of Dr. Unarchiver really Trend Micro of security countermeasure?" There was a question of surprise along with a surprise, but with a link saying "Dr. Unarchiver is being introduced at Trend Micro's home site" Reply is also attached.


At the time of article creation, Dr. Unarchiver is downloadable, but there is a possibility that it will be regulated by Apple as a result of the disturbance.

in Software,   Video,   Security, Posted by darkhorse_log