EXECUTIVE SUMMARY:

As data privacy laws roll out and more users become wary of how their personal information is being used, it seems that some businesses are seeking workarounds. Two recent stories have surfaced in which businesses have surreptitiously sought to collect user data—with ‘helpful’ apps that scan for more than just system issues.

Researchers discovered that one of the most popular apps on the Apple App Store functions as spyware, Wired reports. Security scanning app Adware Doctor is number four on the App Store’s list of top paid apps. It collects data on its users (browsing history, software processes) that it stores and then sends to a server in China.

With Apple devices, sandboxing processes typically stop this kind of thing from happening. Apps are contained individually to prevent them from accessing anything extraneous. But Adware Doctor is designed to request permission to access the macOS “Home” folder. When granted permission by the user, the app uses that access to collect data—violating users’ privacy and Apple’s rules.

Apple initially did not remove the malicious app from the App Store for several weeks after being notified. However, it has since taken it down.

Other recent reports have revealed that multiple apps developed by Trend Micro collect similar user data. The company confirmed that the Dr. Antivirus, Dr. Cleaner, Dr. Cleaner Pro, Dr. Unarchiver, Dr. Battery, and Duplicate Finder apps collected and exfiltrated users’ browsing histories and other data, such as lists of installed apps.

Given that mobile phones often contain the details of both work and private lives, it’s important to be aware of the types of permissions granted to access devices.

Get the full story at Wired.