At MacPaw, a software development company that creates maintenance, security, and distribution solutions for macOS and iOS, we have always been paying attention to cybersecurity. First and foremost — we ensure our customers are secure using our products. We also help increase their personal digital safety. We're using our company's solid expertise in cybersecurity to protect customer data and all operations.

Customers expect our services to work even during a hurricane, pandemic, or war. That's why, in addition to the protected infrastructure, MacPaw has a strong cybersecurity team that ensures each macpawian is safe and aware of modern cyber threats and ways to defend.

So, let's look at where we are now regarding cybersecurity.

MacPaw's cybersecurity highlights

In 2023, MacPaw is proud to be a Champion of Cybersecurity Awareness Month. As a Champion, MacPaw joins a diverse group of organizations, including businesses of all sizes, schools, colleges, universities, non-profits, and government agencies. Together, we aim to promote awareness, provide valuable insights, and foster a collective effort in creating a safer and more secure online world for everyone.

MacPaw also achieved recognition as a finalist in the Organization Excellence category of the Fortress Cyber Security Awards 2023, organized by the Business Intelligence Group. This prestigious awards program aims to honor and celebrate the world's leading companies and products that demonstrate exceptional efforts in protecting data and electronic assets from the ever-growing threat posed by hackers.

On top of that, MacPaw actively supports the macOS cybersecurity community through the partnership of CleanMyMac X and Objective-See Foundation, a non-profit organization focused on creating free, open-source macOS security tools. Objective-See also organizes Objective by the Sea — the world's only macOS security conference where macOS security researchers and professionals share their knowledge and experience in the field.

Internal cybersecurity

At MacPaw, we have a highly proficient security team. It follows a feedback culture that allows reacting to internal threats quickly and helps to improve gaps in missed security controls. Each security team member is responsible for different corporate and product security aspects.

Head of Information Security

Leads the team, defines strategic initiatives, evaluates security performance, and communicates with key company stakeholders.

IT Security Engineer

Works on team members' internal security and safety to ensure their laptops, network, and data are safe. Security Engineer monitors all malicious or suspicious activity and reacts to it. Security Engineer also works on the security awareness of the team. Working closely with the IT team, the Security team improves work quality and automation alongside personal and office security without intruding into the business processes.

Security Operation Engineer

Responsible for integrating security practices into each step of the software development lifecycle and implementing security checks for source code and dependencies. Also, a considerable part of the SecOps work is related to infrastructure security. Security Operation Engineer monitors and checks cloud configuration for compliance with security best practices.

Security Application Engineer

Helps the development team review features from a security perspective, conduct threat modeling, and review findings from security pipelines. The Security Application Engineer reviews all reports from the Bug bounty program as well.

IT Compliance Analyst

Maintains security compliance with applicable best practices in security and IT areas, leads the implementation processes of security standards (for now, ISO/IEC 27001), vendor assessments from a security perspective, and leads internal security audits. Also, the essential part of IT Compliance at MacPaw is increasing the maturity of processes by building the process design and appropriate description in the internal regulations.

Security Analyst

Stays on the front line of cyber defense, detecting and responding to any cyber-attacks that might occur. Security Analyst reports on cyber threats and implements any changes needed to protect the company. The main goals of the security analyst are to implement and manage security monitoring tools and detect, investigate, contain and prevent cyberattacks.

MacPaw's cybersecurity mindset

Since the russian full-scale invasion of Ukraine, protecting our users' data has become even more crucial than ever. MacPaw hosts this data and all infrastructure on Amazon Web Services. All physical servers are stored worldwide (USA, UK, and Ireland) and are safe and sound. MacPaw doesn't store any vulnerable data on Ukrainian servers.

MacPaw works with a reliable payment provider — Paddle.com, a worldwide-known reseller operating in 245 countries and territories. The Paddle's team and technical resources are located in the United Kingdom.

Safe and sound with our products

Moonlock

In July 2023, MacPaw launched Moonlock — a cybersecurity division, specially created to help Mac users stay safe online. Moonlock's latest survey showed that many Mac users don't fully realize their computers can get malware too, so, they don’t do enough to protect themselves.

That is why MacPaw has put together a team of experts including malware researchers to create easy-to-use cybersecurity tools for all Mac users to help them to be protected from modern threats. Moonlock team is working on the creation of the product.

By now, the team has presented its Moonlock Engine technology, which now empowers the Malware Removal module of MacPaw's most popular product — CleanMyMac X.

Clear VPN

ClearVPN, launched in 2020, is a hassle-free VPN solution for individuals who want to expand and protect their online experience. Unlike other VPN apps, ClearVPN focuses on user experience and users' actual needs. Users can upgrade their online journey effortlessly with just one tap, while ClearVPN ensures all traffic remains private and secure.

ClearVPN has a strict no-logs policy and industry-grade encryption protocols to ensure the user's connection is private and secure.

ClearVPN uses AES-256 encryption to eliminate security vulnerabilities and achieve a high-speed connection; the app relies on its custom protocol and IPSec IKEV2 and OpenVPN. Browse, play, stream or communicate without any tracking from the ISPs. Additionally, we have a zero-logs policy. MacPaw doesn't store, share, or even collect users' online activity, personal info, IP address, etc.

In 2021, ClearVPN was selected as the winner of the "Mobile VPN Solution of the Year" award from the CyberSecurity Breakthrough.

In 2022, ClearVPN won the "Hot Company VPN" award from Cyber Defense Magazine (CDM), the industry's leading electronic information security magazine.

In 2023, the editors of Cyber Defense Magazine named the updated version of MacPaw's VPN solution, ClearVPN 2, VPN of the year.

SpyBuster

SpyBuster is an entirely free on-device anti-spyware app that helps users effortlessly secure their data by weeding out apps and web connections reporting to unwanted servers. SpyBuster does two jobs — scans your device for installed apps with known ties to russia or belarus and monitors if data is being sent to russian or belarusian servers when the app is in use.

SpyBuster is MacPaw's answer to the full-scale invasion of Ukraine by russia. The app was created in less than a month by our developers inside bomb shelters.

SpyBuster premiered as a macOS tool in March of 2022. By June, it debuted as a Chrome extension that alerts users to suspicious website connections and visualizes them on a map. The Static Analysis functionality of SpyBuster also got added to CleanMyMac X as part of its Uninstaller module. The much-anticipated iOS version of the anti-spying tool SpyBuster became officially available in July 2022.

In November 2022, SpyBuster was shortlisted for the Cyber Security Awards 2022 in the category Cyber Not For Profit Team of the Year.

In 2023, SpyBuster won Golden Kitty by Product Hunt in the Privacy-Focused category. The Golden Kitty Award is an annual award that is considered the "Oscar" of the IT industry.

CleanMyMac X

CleanMyMac X is an all-in-one package to awesomize Mac. It cleans megatons of junk and makes computers run faster. The app scans the entire macOS, removes junk and malware, and brings a Mac back to its original fast performance.

CleanMyMac helps users check their Macs for vulnerabilities and find potentially unwanted apps or activities inside the Uninstaller and Malware Removal modules. Malware Removal modules work on the MacPaw-developed engine. It's an anti-malware solution built into CleanMyMac X. It provides real-time monitoring, searches for malware on users' computers, and constantly updates the database of different types of malware that may exist on Macs.

In March 2022, part of SpyBuster's functionality was integrated into CleanMyMac – a new category of apps in the Uninstaller module — Suspicious, if users want to find and uninstall potentially threatening software quickly. In the Suspicious apps category, users can find apps developed or hosted in russia and belarus as they may threaten Mac or data safety.

Starting from July 2023, the Moonlock Engine malware detection technology empowers the Malware Removal module of CleanMyMac X. The Moonlock engine has made malware scanning in CleanMyMac X twice as fast on M1-based Macs and 1.5 times faster on Intel-based computers. Now users can spend even less time hunting down viruses that try to infect their Mac computers. The scan now covers additional locations like external drives, mail attachments, archives, and browser extensions. On top of that, users can configure the scan according to their needs, prioritizing either speed or coverage.

CleanMyMac X is notarized by Apple, which means that the website version of the app was checked by Apple for malicious components, and none have been found.

Setapp

Setapp is the place to pick day-to-day Mac, iOS, and web tools.

At the end of 2021, Setapp achieved SOC 2* Type I certification to ensure users that apps inside the platform are safe. SOC2 certification, or Service Organisation Control (SOC) 2 audit, is a popular auditing standard created to assess a company's compliance with industry-leading standards for managing and securing customers' data. The independent Boulay Group conducted Setapp's audit and affirmed that Setapp's information security policies and practices meet the security trust service principle.

On top of that, Setapp added a Security app collection to help users keep their devices secure and protected from unauthorized access.

At the end of the day, MacPaw follows three simple cybersecurity principles: we understand tomorrow's threats today; we provide cost-effective solutions that protect our customers, products, and company; we innovate to help mitigate cyber risks and be a step ahead of any breach. Thank you for trusting us to protect you.