- Adware Doctor, one of the most popular paid apps for Macs, can bypass MacOS security protocols to secretly copy users’ entire user histories.
- The app was listed as Apple’s fourth “Top Paid” app and cost $4.99.
A highly popular paid MacOS app called Adware Doctor was found secretly stealing users’ entire browser histories and sending it to China. The app, which was ranked fourth on Apple’s App Store “Top Paid” apps and cost $4.99, is capable of bypassing MacOS security protocols to copy a user’s browser history.
Adware Doctor promotes its app as preventing “malware and malicious files from infecting your Mac.” However, according to the well-known Apple security researcher Patrick Wardle, who discovered Adware Doctor’s spyware capabilities, the app breaches users’ privacy and security.
“We tore apart Adware Doctor - one of the top grossing apps in the official Mac App Store. This research (original credit: @privacyis1st) uncovered blatant violations of users' privacy and complete disregard of Apple's App Store Guidelines,” Wardle wrote in a blog. “There is rather a massive privacy issue here. Let’s face it, your browsing history provides a glimpse into almost every aspect of your life.”
App asks for user permissions
Wardle said that Adware Doctor, like other apps, requests permission to legitimately access users’ files.
“Once the user has clicked ‘allow,’ since Adware Doctor requested permission to the user’s home directory, it will have carte blanche access to all the user’s files,” Wardle said. In essence, this not only allowed the app to detect and clean adware, but to “also collect and exfiltrate any user file it so chooses.”
Unfortunately, it took Apple over a month to address the issue. Wardle said that even after he notified Apple about Adware Doctor’s malicious behaviour, the app was still up on the App Store for a month, ranked as the top fourth paid app. However, Apple finally took the app down from its App store.
“The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up! Beyond its mistreatment and blatant disrespect of user data, the fact that Adware Doctor "dances around" the Mac App Sandbox seems to clearly be another violation as well,” Wardle added.
“If Apple is really ‘review[ing] each app before it's accepted by the store’ ... how were these grave (and obvious) violations of this application missed!? It's tempting to wonder if Apple's 30% cut of each sale of this massively popular app has lead to such egregious inaction. And does it not seem that their laudable statements on supporting user privacy, are sadly only words?