Adware Medic was a direct copy of an app developed by Malwarebytes. The apps also collected information on other apps that were installed on the computer and then bound all that data in a zip file and uploaded the data to the developer's server. Cleaner, and were billed as apps that could help protect and clean up your Mac, or be used to open archived files.
The company notes that it disclosed this data collection in its end-user license agreements and that browser history data was uploaded to a United States server hosted by Amazon Web Services and managed by Trend Micro.
The controversy first erupted in August when pseudonymous German security researcher Privacy1st posted a YouTube video of how the top-selling Trend Micro Adware Doctor exfiltrated users' browser history and files. At least a handful of apps available for Mac users that ask for that permission are using that access to steal user data such as browsing history and then upload that history to analytics servers.
Another thing these apps have in common is a connection with Trend Micro and a Chinese developer.
"The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation".
The firm said this was done for "security purposes", in order to analyse whether a user had recently encountered adware or other threats. It is unknown how many users downloaded these "tools" and had their data scraped over the lifetime of the apps.
However, it added that it had chose to remove this function from the apps.
What's interesting about this incident is that it's rare to find malicious apps slipping through Apple's strict security criteria when it comes to what users can download in the app store. A representative of the company told BleepingComputer that the company statement would be updated continuously.