[ad_1]
When you allow an application to access your home directory on macOS, even if it's an application from the Mac App Store, you have to think twice about it. It seems that we see a trend of Mac App Store applications that persuade users to give them access to their home directory with some promise, such as antivirus scanning or cleaning caches, when the real reason is to collect user data – especially the browsing history – and upload it to their analytics servers.
Today, we are specifically talking about applications distributed by a developer who claims to be "Trend Micro, Inc.," including Dr. Unarchiver, Dr. Cleaner, and others. This issue has already been reported by a user on the Malwarebytes forum and in another report. Other researchers followed and found that apps distributed by this "Trend Micro, Inc." account on the Mac App Store collect and download the user's browser history from Safari, Google Chrome, and Firefox to their servers. The application will also collect information about other applications installed on the system. All this information is collected during the launch of the application, which then creates a zip file and uploads it to the developer's servers.
We were able to confirm these reports, at least with Dr. Unarchiver application. After extracting a zip file with the application, it offered an option for "Quickly clean up unwanted files". By selecting "Analyze", you open an open dialog box with the selected base directory. This is how the application accesses the user's home directory, which is required to collect browser history files. After allowing access to the home directory, the application collected the private data and downloaded it to their servers (we blocked this with a proxy). Scroll for screen captures.
The inspection of archive files of applications and downloads on their servers revealed the full browser history for Safari, Google Chrome and Firefox, separate files specifically dedicated to storing recent Google searches from the Internet. user on the same browsers and a file containing the complete list of installed applications. on the system, including information about their download location, 64-bit compatibility, and code signing.
As of today, "Dr. Unarchiver "is the # 9 free application of the US Mac App Store. This is a major privacy issue and we expect Apple to remove these apps from the Mac App Store fairly quickly. Users do not expect sandboxed applications to get this level of access to their systems, but it is important to note that when an open file dialog box is opened by an application In sandbox, access to many private information, including browsing history, iMessage conversations, e-mail messages, and so on. Apple is improving this situation with macOS Mojave, but the App Store review process should have taken these practices and rejected applications for breach of the user's privacy.
The technique adopted by the applications presented here is very similar to that of Adware Doctor. If you want to protect yourself from this type of problems, never give an application – even from the App Store – to your home directory, this can happen if the application opens a file dialog open and open your home directory. or if you drag your home directory into the application.
After extracting a zip file, the application proposes to "clean up unnecessary files"
With a proxy, we were able to capture the request from the application,
download a zip file with user data
A small sample of the data collected by the application in Safari's history
[ad_2]
Source link