Third incident involving Apple's stores in just as many days

Sep 10, 2018 06:41 GMT

After the Adware Doctor Mac App Store security fiasco and the report confirming that dozens if not hundreds of iOS apps sold location data to third parties unbeknownst to their users, Apple is again under fire regarding its App Stores' review rules and approval mechanisms.

According to evidence gathered by Malwarebytes Labs and a few other security researchers and hobbyists, Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, Open Any Files, and possibly more are macOS apps accepted by Apple into its Mac App Store which surreptitiously collect large amounts of sensitive data, such as browsing history and lists of installed apps, and send it to servers.

The four apps are now removed from the Mac App Store, after multiple reports to Apple during the last two days. They were all available within the store for the entirety of this year and had thousands of ratings (fake or real) with the number of installs being almost as high.

Malwarebytes Labs says in its report that all apps mentioned above have been observed to collect and exfiltrate the full browsing history for Safari, Firefox, and Google Chrome, as well as a complete list of all apps installed and downloaded on the user's Mac.

The most important issue at this time, besides Apple's security blunder, is whether the Dr. Antivirus, Dr. Unarchiver, and Dr. Cleaner macOS apps have been developed and published by the reputable security company Trend Micro Incorporated, given the fact that the two apps have been using its name as the developer.

Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, and Open Any Files are the new culprits 

Although Trend Micro has neither confirmed nor denied it, there is evidence which connects the security company to the entity behind Dr. Antivirus, Dr. Unarchiver, and Dr. Cleaner, seeing that the SSL certificates for both the trendmicro.com and the drcleaner.com domains are issued to Trend Micro Inc. by the AffirmTrust CA.

Even though Apple has removed the apps already reported during the last few days from the Mac App Store, there are still a number of Trend Micro macOS apps left (i.e. App Uninstall, Network Scanner, and Dr. Wifi) which should probably be checked for similar spyware-like behavior.

At this point, one has to wonder why Apple's (Mac) App Store approval process is so flawed that apps which gather and share private user data with third parties pass their "strict" guidelines and end up tarnishing the company's reputation.

Also, why would they act so slowly in removing apps which have been confirmed to have spyware behavior by numerous security experts, in some cases leaving them in the App Store for up to an entire month after the initial report?

Maybe the time has come for Apple to change its App Stores' (iOS and Mac) testing and approval strategy by focusing more on the quality of the apps instead of their numbers.

Because how can you even mention that the company's focus is on protecting the users' privacy and security when some of the apps you deem "safe" and distribute through your official stores / channels do the exact opposite?
