Apple has removed a series of apps from the Mac App Store after they were found to be accessing users’ private data and sending it to remote servers. The apps in question include Adware Doctor, Open Any Files: RAR Support, Dr. Antivirus, and Dr. Cleaner.
The apps duped users into giving them access to their macOS home directories by promising to perform functions such as scanning for viruses or clearing caches. By accessing the home directory, they were then able to gain access to information about users’ browsing history, and more.
The security breaches were reported by researchers Thomas Reed in Malwarebytes Labs, Patrick Wardle of Objective-See and @privacyis1st. The issue first came to light late last week when TechCrunch reported on Adware Doctor. However, since then other similarly problematic apps have been discovered.
A challenge to Apple’s privacy credibility
While Apple generally has a strong record when it comes to user privacy, this is bound to (rightfully) stir up some criticism. Already, there are calls for Apple to consider hiring an independent board to oversee app store approvals and make this area more transparent.
It comes at a time when the App Store model, which is supposed to give users a walled garden platform through which they can download high quality apps, is already under attack.
Unrelated to this, Apple recently announced that — from October 3 — it will require app developers to host their own privacy policy — describing how apps collect data, how long this is held, and how users can revoke consent and have the data deleted if they wish.
The company has also introduced the ability to let users download a copy of all the data Apple has collected about them — including App Store and iTunes activity, Apple ID account and device information, online and retail store activity, AppleCare support history, and more.
How do you think Apple should deal with this problem? Let us know your thoughts in the comments below.
Via: 9to5Mac