Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,042
13,657



The number one top-selling paid Utilities app on the Mac App Store in the United States has been found to steal the browser history of anyone who downloads it, and is still on the App Store as of this article. A video posted in August gave a proof of concept to how the app "Adware Doctor" steals user data, and security researcher Patrick Wardle has now looked into the app and shared his findings with TechCrunch.

adware_doctor_mas.jpg

Adware Doctor's Mac App Store page says it will "keep your Mac safe" and "get rid of annoying pop-up ads." Besides being at the top of the Utilities chart on the Mac App Store, Adware Doctor is also currently the number five top paid app on the entire store in the U.S., behind apps like Notability and Apple's own Final Cut Pro.

In his blog post, Wardle explains that Adware Doctor withdraws sensitive user data -- predominantly any website you've searched for and browsed on -- and sends it to servers in China run by the app's makers. Apple was contacted a month ago -- around the time the original proof of concept video was shared online -- and promised it would investigate, but the $4.99 app remains on the Mac App Store.

TechCrunch gave an overview of Wardle's findings:
Wardle found that the downloaded app jumped through hoops to bypass Apple's Mac sandboxing features, which prevents apps from grabbing data on the hard drive, and upload a user's browser history on Chrome, Firefox, and Safari browsers.

Wardle found that the app, thanks to Apple's own flawed vetting, could request access to the user's home directory and its files. That isn't out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user's files to scan for problems. When a user allows that access, the app can detect and clean adware -- but if found to be malicious, it can "collect and exfiltrate any user file," said Wardle.

Once the data is collected, it's zipped into an archive file and sent to a domain based in China.
Towards the end of his post, Wardle discussed the ramifications of Adware Doctor and the privacy issue it presents, stating, "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f----- up!" The researcher also points out that Apple itself touts the Mac App Store as "the safest place to download apps for your Mac," which is often true.

Given the app violates numerous App Store Rules and Guidelines, namely including user consent on data collection, Wardle hopes that the increased spotlight on Adware Doctor's nefarious data collecting will make Apple take action. Even though Mac App Store customers who used the app would never be able to get their private browsing history back, the researcher says that Apple could begin to address the situation "by pulling the app and refunding all affected users."

Update 8:52 a.m. PT: Apple confirmed that Adware Doctor has been removed from the Mac App Store, along with the developer's other app "AdBlock Master."

Article Link: Mac App Store App 'Adware Doctor' Discovered Stealing User Browsing History [Update: Removed]
 
  • Like
Reactions: iamtheonlyone4ever

weup togo

macrumors 6502
May 6, 2016
355
1,234
"Adware Doctor is also currently the number five top paid app on the entire store in the U.S."

Why would they kill the golden goose? They get paid $1.50 every time someone downloads it, which is pure profit.
 
Comment

polee

macrumors 6502a
Jul 22, 2008
606
251
This is scary. How would we be able to protect ourselves from such infringements? Are there any safeguards around.
 
Comment

justperry

macrumors G4
Aug 10, 2007
11,505
8,048
I'm a rolling stone.
Perhaps this is just confirmation bias, but every time I hear "China" and "Privacy" it isn't good. Also, why can't iOS have internal checks to tell you what apps are doing and what data they are accessing?

Chinese software, who could have imagined it being a security issue!

As if the states is any better.:rolleyes:
 
Comment

Logic368

macrumors member
Oct 17, 2011
74
260
Why does the Mac App Store still exist? It only has ****** scam apps and nothing that you actually need. Furthermore, you’re supposed to trust the App Store, because it’s “curated”, but then this kind of stuff happens. It would be better if Apple simply posted a “Gallery” of apps, like they do for safari extensions.
 
Comment

Scooz

Suspended
Apr 9, 2012
339
347
"Adware Doctor is also currently the number five top paid app on the entire store in the U.S."

Why would they kill the golden goose? They get paid $1.50 every time someone downloads it, which is pure profit.

Funny, I wondered why they only took the browser histories then...
 
Comment

fairuz

macrumors 68020
Aug 27, 2017
2,486
2,589
Silicon Valley
Apple should have categorically banned any "antivirus" apps from the MAS when it was first launched. They're useless and invasive. Really you shouldn't hand over so much control to a closed-source app no matter what its purpose (can't be audited), especially from this random dev in China.
 
Last edited:
Comment

NoFace1006

macrumors newbie
Oct 2, 2017
10
28
United Kingdom
Why would they kill the golden goose? They get paid $1.50 every time someone downloads it, which is pure profit.

You clearly have no idea of how businesses work nor how the Mac App Store works. The $1.50 that Apple receives is not pure profit, there are card processing fees, hosting and other expenses to be taken out of Apple's cut. Their profit is less than you might think.
 
Comment

Bornee35

macrumors 6502
May 6, 2013
458
1,386
Canada
You clearly have no idea of how businesses work nor how the Mac App Store works. The $1.50 that Apple receives is not pure profit, there are card processing fees, hosting and other expenses to be taken out of Apple's cut. Their profit is less than you might think.
he's talking about the company tanking a profitable app by stealing info

edit: I read that incorrectly.
 
  • Like
Reactions: Shadow%20Mac
Comment

Schranke

macrumors 6502a
Apr 3, 2010
958
1,006
Copenhagen, Denmark
There are only a few of the apps I use which comes from MAS. I am happy that developers continue to host the apps themself and even sometimes offers to turn your MAS purchases into a standalone license.

The MAS is a poor attempt to curate and gather application for MacOS the same way they did for iOS, but there it to much crap (on both of them) due to developpers ease of promoting bad products and marginalise any great apps 10 to 1.
I am much more thankful for forums when it comes to finding apps then MAS, and unless apple makes some huge changes to it, I will continue to go to developers instead of getting things on the MAS
 
Comment

luvbug

macrumors 6502a
Aug 11, 2017
552
1,471
Getting closer every day!
Perhaps this is just confirmation bias, but every time I hear "China" and "Privacy" it isn't good. Also, why can't iOS have internal checks to tell you what apps are doing and what data they are accessing?
It's a Mac app, not an iOS app. There are tools that give performance metrics about disk and network activity, but how would the OS possibly monitor what Apps are doing at the file level? The system would be useless if the OS was constantly doing that level of monitoring, not to mention the OS has no concept of context, i.e. it doesn't know if files contain sensitive data or not.

Ultimately, Apple can only do so much to vet Apps in the App Store, Mac or iOS. Apple doesn't have the source code for each app, and that's the only way they can *really* discover everything the app is doing. Even if they did have source code, they couldn't possibly review every app (and every update to the app) simply because of the time and effort involved (think in terms of many months and many hundreds of skilled staff).
 
Comment

Edsel

macrumors 6502
Mar 18, 2010
413
490
Over There
"Wardle hopes that the increased spotlight on Adware Doctor's nefarious data collecting will make Apple take action."

Therein lies the conundrum for Apple. Apple's investment in China is huge and with the U.S. President throwing around new Asian trade barriers, I can see why Apple is slow to react. All Chinese servers are government servers.
 
  • Like
Reactions: zzu
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.