A number of applications in the Mac App Store have found to be violating Apple’s Developer End User License Agreement, by stealing user data from their Mac computers, reports AppleInsider.
One of the apps in question was a top paid utility, available in the Mac App Store before Apple removed it.
Security firm MalwareBytes reports:
The data is dispatched to servers in China, a country that doesn’t require the same stringent storage requirements as the United States or European countries for personal data. In cases like these, it is highly likely the data is being used for malicious purposes.
Apps including Adware Doctor collect user’s Safari search history and sends a list of downloaded software installed on a users’ computer while it “cleans” the computer.
Apple’s processes in the Mac App Store have failed, as these malicious applications found loopholes in the system.
After AppleInsider reported the incident, the malicious Chinese servers were taken offline, so no user data can be sent.
MalwareBytes has made the following comment:
“treat the App Store just like you would any other download location: as potentially dangerous, orse, even if you don’t give it access, it may find a loophole and get access to sensitive data anyway”
Apple has a website for reporting problems about potential malware and spyware on the Mac App Store. Appleosophy recommends staying away from Mac cleaning apps, and allow macOS to work its magic.
This is one sign again, that Apple needs to pay attention to the Mac App Store, but the future macOS Mojave update, coming this fall hopes to change this with an all-new design and iOS ported apps launching late next year.