Another popular privacy app in the Mac App Store caught stealing users' browser history
Dr. Unarchiver hovers near the top 10 in the App Store. With luck we'll get one of those poetic "kettle logic" sequences, where any one answer might be reasonable enough but in combination becomes damning.Apple doesn't let anyone do it.We're not doing it.We didn't know we were doing it.Everyone does it.There's nothing wrong with doing it.It's your fault we had to do it.Also in on all your smut and sedition choices, if they want it badly enough: your ISP, your VPN, your government, your device maker, your browser maker, and your gods.When you give an app access to your home directory on macOS, even if it's an app from the Mac App Store, you should think twice about doing it. It looks like we're seeing a trend of Mac App Store apps that convince users to give them access to their home directory with some promise such as virus scanning or cleaning up caches, when the true reason behind it is to gather user data - especially browsing history - and upload it to their analytics servers.
Today, we're talking specifically about the apps distributed by a developer who claims to be "Trend Micro, Inc.", which include Dr. Unarchiver, Dr. Cleaner and others. This issue was reported before by a user on the Malwarebytes forum, and in another report. Other researchers followed up and found that apps distributed by this "Trend Micro, Inc." account on the Mac App Store collect and upload the user's browser history from Safari, Google Chrome and Firefox to their servers. The app will also collect information about other apps installed on the system. All of this information is collected upon launching the app, which then creates a zip file and uploads it to the developer's servers.