Apple Reacts As Multiple Mac App Store Apps Caught Stealing Private Browsing Data

The app market for just about every platform out there is rife with developers who use nefarious techniques to trick users into giving them access to their valuable personal data. You might expect this to be a problem with third-party app stores for Android devices, but some might be surprised to learn that Apple is having an issue with nefarious developers and apps offered for download on the highly-guarded Mac App Store.

The tip-off that something nefarious might be going on with apps for your Mac comes when the app asks for access to the home directory in macOS. At least a handful of apps available for Mac users that ask for that permission are using that access to steal user data such as browsing history and then upload that history to analytics servers. 9to5Mac has performed tests and found that apps from one particular publisher including apps Dr. Unarchiver and Dr. Cleaner (among others) were stealing all manner of data without user's express permission.

Apps from that publisher were confirmed in testing to swipe and upload user browser history from Safari, Chrome, and Firefox. The apps also collected information on other apps that were installed on the computer and then bound all that data in a zip file and uploaded the data to the developer's server. 9to5Mac confirmed this with its testing of the Dr. Unarchiver app. The process of stealing user data starts after unzipping the app and the user seeing an offer to "Quick Clean Junk Files."

If scan is selected for that option, a dialog opens with the home directory selected and when granted users are giving the app access to that directory, which is needed for the app to steal the data. The upload in testing was blocked with a proxy server and inspected. Inspection of the files showed access to recent Google searches on Safari, Chrome, and Firefox, as well as browser history, a complete list of apps on the system including the download location for the apps.

App data also included information on if the apps were 64-bit compatible and the code signature. This data theft is a big issue when you consider the popularity of Dr. Unarchiver; it was the 12th most popular free app in the U.S. Mac App Store. While Apple has already removed all these apps from the store, the shock for many is that the Mac App Store review policy didn't catch the nefarious action in the first place. Many thought this exact thing was what the review process was meant to stop.