Popular applications including Dr. Unarchiver, Dr. It is not entirely clear yet whether Apple took action itself and stripped the info-collecting software from its online macOS application store, or if Trend Micro pulled the apps itself following complaints.
9to5Mac| Sample browsing data collected by the app.
It was removed by Apple, but the developer renamed it as Adware Doctor which has been sold via the App Store until this week.
It claims it prevents "malware and malicious files from infecting your Mac" and claims to be one of the best apps to do so. Also, the researcher did not have a chance to look closer into this, but from his experience with analyzing APT malware, this looks like a valid theory. At no point was user consent requested, nor where users alerted that this happening behind the scenes. "So yes will be able to detect and clean adware, but also collect and exfiltrate any user file it so chooses".
Trend Micro's list of apps in the App Store at the time of publishing is reduced to two entries: Network Scanner (five ratings) and Dr. WiFi (not rated yet). "This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)".
The apps' behaviour was noticed by a security researcher last week. A free app from the App Store may seem perfectly innocent and harmless, but if you have to give that app access to any of your data as part of its expected functionality, you can't know how it will use that data.
Trend Micro, Inc is a well-known name in virus protection, so users could be forgiven for thinking that downloading an app from the company would be safe. The company says that an initial investigation confirms that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected browser snapshots, but the behavior was disclosed in the EULAs of each product. Apple did finally remove Adware Doctor from the App Store once this story started to break, but as Wardle notes, he reported his findings to Apple a month ago and was promised a swift response. A representative of the company told BleepingComputer that the company statement would be updated continuously.