Mac App Store App 'Adware Doctor' Discovered Stealing User Browsing History [Update: Removed]

[NoBoMac]

Apple has pulled it.

Re: how it got through, as others mentioned, it takes quite a bit of work to deep dive into a program analysis. And could be something along the lines of Diesel-gate or Benchmark-gate where the software can detect running in a test mode, in a sandbox, and thus hides their true intent. Also one of the recent year virii that did not activate when it sensed it was not running on a user's machine.

 

[swingerofbirch]

I feel like the Mac App Store has degraded the Mac software field.

First time Mac users use it and get tricked and get junk like this that no one on a Mac needs. Apple used to advertise the fact that you didn't need software like this for a Mac.

And long-time developers have to change their programs to work with the Mac app store.

Also I used to be much more likely to buy third party software when a developer offered a trial on their site, but when you're just redirected to the Mac App Store and have to take a gamble paying the full-cost upfront I've found I'm much less likely to try it out.

A lot of the software on the Mac app store just doesn't have that same feeling of quality of apps of the past. Plus Web and browser have become a pretty amazing place to run software. It's harder to justify stand-alone apps for a lot of needs.

Apple seems to have this perseveration that if the App Store worked well on iOS, it has to work well everywhere else (TV, Watch, and Mac). You can see on the Watch it was always kind of a crazy idea (and why did they do it on the first release--whereas with the iPhone they took their time before releasing an SDK). The TV thing never took off with apps. And the Mac App Store is probably the worst of all because it's negatively affected the landscape of apps that weren't on the App Store along with the ones that have had to make compromises to get on, plus creating a whole new class of junk Mac apps like this one that I don't really recall existing before.

 

[jclardy]

How did a garbage app like that reach #5 paid in the app store? My guess is they must have bought installs/reviews - getting up there doesn't require a huge amount of cash since the Mac App store is still terrible.

 

[GaryMumford]

Perhaps this is just confirmation bias, but every time I hear "China" and "Privacy" it isn't good. Also, why can't iOS have internal checks to tell you what apps are doing and what data they are accessing?

iOS? this is MacOS

 

[kagharaht]

Has anyone use "Antivirus - ZAP"? Since this story, I'm now worried of having this app and have used it a few times to remove Adwawre and Malware... I wonder if this is a "bad" app https://antiviruszap.com

 

[brofkand]

How did a garbage app like that reach #5 paid in the app store? My guess is they must have bought installs/reviews - getting up there doesn't require a huge amount of cash since the Mac App store is still terrible.

I think it is a lot of Windows switchers who are trained to use these types of apps, since they never learned proper internet hygiene and have always used stuff like this on Windows to save them from themselves.

 

[theSpringZone]

Russians.

 

[macintoshmac]

There's big money in these types of apps. Many Windows switchers buy them because they never learned proper internet hygiene and are trained to think they're needed. Even Mac Rumors did a story on Mac Cleaner the other day because they get a spiff. Apple stores sold antivirus software on their shelves for years.

Mac Cleaner may or may not send your data to China like this one does, but it's still a useless app that's a waste of money.

There is sense in having an antivirus software on the Mac. There can be viruses in emails and attachments that won't be a nuisance to your Mac but if passed on to others with Windows, will be. An antivirus will stop that from happening.

 

[brian3uk]

The Mac App store is embarrassingly bad. A walled garden it might be, but that garden is full of trash.

 

[acader]

Or it could be Mark Zuckerberg! Make it look like China or whoever, but if you follow the trail, it ends with Mark Zuckerberg I bet . Just as much reason to believe that, wouldn't you say? I mean nobody needs any proof - so pick a theory, any theory.

The conspiracy theory is that Mark Zuckerberg also has a chinese connection!!!

 

[travelsheep]

I would have thought that "Video Rewinder" (a software that rewinds videos to the beginning after having watched them) would have made the #1, but "Adware Doctor" also makes sense. Gov shouldn't have poured fluorine into tap water.

 

[wordsworth]

Hmm. This got me worried about my AdGuard extension. While it was convenient and useful, I'm now more concerned about my security and privacy and so I've deleted it. I was wary when I installed it but the ads were driving me crazy at the time and I hoped that Apple's 'secure' App Store system would be sufficient. So much for that.

 

[MadDawg2020]

Perhaps this is just confirmation bias, but every time I hear "China" and "Privacy" it isn't good. Also, why can't iOS have internal checks to tell you what apps are doing and what data they are accessing?

Its MacOS but same difference I guess.

 

[bobbie424242]

Adware Doctor was just was the doctor ordered. Good guy doctor. Always trust doctors.

 

[CreeptoLoser]

It’s an extremely bad idea to install ANY app that has been made under such regimes if you don’t know the developer’s relationship with authorities or what they are using your data for. We know there are oppressive regimes that collect vast amounts of data on global citizens and this must absolutely be stopped.

I mean it’s bad enough they need your data in the first place.

Operating systems should have the ability to inform users if suspicious activity is detected, either your data sent somewhere you have not consented to or someone trying to get into your system.

Operating systems don’t have these features in these modern times when they are needed most.

 

[brofkand]

There is sense in having an antivirus software on the Mac. There can be viruses in emails and attachments that won't be a nuisance to your Mac but if passed on to others with Windows, will be. An antivirus will stop that from happening.

I used to use that when I worked at a computer retailer. Of course back then normal people actually used email clients. Nowadays most people use web apps for email (or their phone) and I know gmail.com scans attachments automatically. I can't remember the last time I got a virus in an email attachment anyway. Had to be 10 years ago, at least.

 

[Bacillus]

This is why I have been using Little Snitch for as long as I can remember. It's not just for pirates, I want to know what is being transmitted to and from my computer.

Please explain that to Phil the Shill and motivate him to use his courage to filter the Appstore from adverse elements...

 

[Solomani]

OK so Apple banned them from the App Store. But this Chinese company's intentional act to steal and pilfer customers' data is possibly criminal….. according to recent laws such as the European Union's GDPR. I'd love for some lawyer from that side try to pursue litigation to run these thugs out of business.

But then again, the company originates from China…. where privacy laws are sketchy to non-existent.

 

[zeram1]

But wait, isn't China one of Tim's favourite countries to do business with/in?

 

[mwd25]

It's a Mac app, not an iOS app. There are tools that give performance metrics about disk and network activity, but how would the OS possibly monitor what Apps are doing at the file level? The system would be useless if the OS was constantly doing that level of monitoring, not to mention the OS has no concept of context, i.e. it doesn't know if files contain sensitive data or not.

Ultimately, Apple can only do so much to vet Apps in the App Store, Mac or iOS. Apple doesn't have the source code for each app, and that's the only way they can *really* discover everything the app is doing. Even if they did have source code, they couldn't possibly review every app (and every update to the app) simply because of the time and effort involved (think in terms of many months and many hundreds of skilled staff).

Which is why I would give Apple a pass, contingent on its immediate removal when its brought to their attention. Apple has got a great resource in tech researchers willing to do this kind of stuff. Additionally they have the bounty program in place. All that is useless if, when a security issue is brought to their attention, they dont take action ASAP. Apple dropped the ball on this, its that simple. They shouldn't have to be exposed in the media and then pressured into or essentially shamed into taking action.

 

[trifid]

Issue was reported a month ago?!!!

Apple falling asleep as usual.

 

[macjonny1]

Funny how you have a company that makes billions and billions of dollars can't find the time to investigate this. Complete lack of integrity.

 

[Solomani]

Issue was reported a month ago?!!!

Apple falling asleep as usual.

Well. The report was probably submitted via email…. and it was far backlogged behind 50,000 other email rants asking "Where The Hell Is The Updated Mac Mini!", etc. So it took Apple at least one month to finally get to and realize that the Adware Doctor email/alert was a priority message.

 

[macintoshmac]

I used to use that when I worked at a computer retailer. Of course back then normal people actually used email clients. Nowadays most people use web apps for email (or their phone) and I know gmail.com scans attachments automatically. I can't remember the last time I got a virus in an email attachment anyway. Had to be 10 years ago, at least.

I used to think that gmail scans are good enough. Just a couple of months ago I received an email from a client long back, asking me if I would like to work again, and there was an attachment. My antivirus software flagged it down. I use Outlook 2016 on the Mac. The email was received from gmail, and I checked on the gmail website, Gmail allowed me to download that attachment - it was somehow not able to find anything wrong with it.

There are exceptions, and it is better to be safe than sorry. The client later on confirmed that somehow his account was hacked or something and it was spamming everyone on his list.

 

[mdnz]

Mac and iOS apps should only be submitted as source code. Apple should then compile them to earn their 30%.

Yeah and watch the review time move from 2-3 days to 2-3 months.