However, this incident suggests that these stores cannot be fully trusted, as some of the most popular apps there (Dr. Unarchiver is the #12 most popular free app in the US Mac App Store, Adware Doctor is the #1 paid utility app) are putting user data at risk.
Adware Medic was a direct copy of an app developed by Malwarebytes.
Observing the behavior of the apps, the researcher noticed that they received at runtime a JSON file with different codes, which suggests that the apps retrieve commands from the mother ship for data exfiltration.
The company notes that it disclosed this data collection in its end-user license agreements and that browser history data was uploaded to a U.S. server hosted by Amazon Web Services and managed by Trend Micro. While Apple has already removed all these apps from the store, the shock for many is that the Mac App Store review policy didn't catch the nefarious action in the first place.
Trend Micro also points out that "the potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation" and that "the browser history data was uploaded to a US-based server hosted by AWS and managed/controlled by Trend Micro".
Adware Doctor also packages lists of all running processes on the computer it is installed on, and of the software the user has downloaded, into compressed files and sends them to a server in China.
Wardle revealed that the app's developers exploited a loophole that allowed them to access that data despite Apple's restrictions.
Another thing these apps have in common is a connection with Trend Micro and a Chinese developer.
The security breaches were reported by researchers Thomas Reed of Malwarebytes Labs, Patrick Wardle of Objective-See and @privacyis1st.
We reached out to Trend Micro for a statement on the matter but received no reply at the time of publishing.
Wardle added that he notified Apple of his findings a month ago, and the app has been taken down from the App Store. Cleaner, and others distributed by developer "Trend Micro, Inc." collect and upload the user's browser history from Safari, Google Chrome, and Firefox onto their servers via access to the macOS home directory.