Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Mac App Store App 'Adware Doctor' Discovered Stealing User Browsing History [Update: Removed]
The number one top-selling paid Utilities app on the Mac App Store in the United States has been found to steal the browser history of anyone who downloads it, and is still on the App Store as of this article. A video posted in August gave a proof of concept to how the app "Adware Doctor" steals user data, and security researcher Patrick Wardle has now looked into the app and shared his findings with TechCrunch.
Adware Doctor's Mac App Store page says it will "keep your Mac safe" and "get rid of annoying pop-up ads." Besides being at the top of the Utilities chart on the Mac App Store, Adware Doctor is also currently the number five top paid app on the entire store in the U.S., behind apps like Notability and Apple's own Final Cut Pro.
In his blog post, Wardle explains that Adware Doctor withdraws sensitive user data -- predominantly any website you've searched for and browsed on -- and sends it to servers in China run by the app's makers. Apple was contacted a month ago -- around the time the original proof of concept video was shared online -- and promised it would investigate, but the $4.99 app remains on the Mac App Store.
TechCrunch gave an overview of Wardle's findings:
Given the app violates numerous App Store Rules and Guidelines, namely including user consent on data collection, Wardle hopes that the increased spotlight on Adware Doctor's nefarious data collecting will make Apple take action. Even though Mac App Store customers who used the app would never be able to get their private browsing history back, the researcher says that Apple could begin to address the situation "by pulling the app and refunding all affected users."
Update 8:52 a.m. PT: Apple confirmed that Adware Doctor has been removed from the Mac App Store, along with the developer's other app "AdBlock Master."
Adware Doctor's Mac App Store page says it will "keep your Mac safe" and "get rid of annoying pop-up ads." Besides being at the top of the Utilities chart on the Mac App Store, Adware Doctor is also currently the number five top paid app on the entire store in the U.S., behind apps like Notability and Apple's own Final Cut Pro.
In his blog post, Wardle explains that Adware Doctor withdraws sensitive user data -- predominantly any website you've searched for and browsed on -- and sends it to servers in China run by the app's makers. Apple was contacted a month ago -- around the time the original proof of concept video was shared online -- and promised it would investigate, but the $4.99 app remains on the Mac App Store.
TechCrunch gave an overview of Wardle's findings:
Wardle found that the downloaded app jumped through hoops to bypass Apple’s Mac sandboxing features, which prevents apps from grabbing data on the hard drive, and upload a user’s browser history on Chrome, Firefox, and Safari browsers.Towards the end of his post, Wardle discussed the ramifications of Adware Doctor and the privacy issue it presents, stating, "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f----- up!" The researcher also points out that Apple itself touts the Mac App Store as "the safest place to download apps for your Mac," which is often true.
Wardle found that the app, thanks to Apple’s own flawed vetting, could request access to the user’s home directory and its files. That isn’t out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user’s files to scan for problems. When a user allows that access, the app can detect and clean adware — but if found to be malicious, it can “collect and exfiltrate any user file,” said Wardle.
Once the data is collected, it’s zipped into an archive file and sent to a domain based in China.
Given the app violates numerous App Store Rules and Guidelines, namely including user consent on data collection, Wardle hopes that the increased spotlight on Adware Doctor's nefarious data collecting will make Apple take action. Even though Mac App Store customers who used the app would never be able to get their private browsing history back, the researcher says that Apple could begin to address the situation "by pulling the app and refunding all affected users."
Update 8:52 a.m. PT: Apple confirmed that Adware Doctor has been removed from the Mac App Store, along with the developer's other app "AdBlock Master."
Tag: Mac App Store
[ 160 comments ]
Top Rated Comments
(View all)
12 months ago
And that is what happens when you install a security software in a system that doesn't really need one.
12 months ago
Don't worry. Apple will always do the right thing.
Eventually. Either under penalty of the law, or due to public shaming.
Eventually. Either under penalty of the law, or due to public shaming.
12 months ago
Why does the Mac App Store still exist? It only has ****** scam apps and nothing that you actually need. Furthermore, you’re supposed to trust the App Store, because it’s “curated”, but then this kind of stuff happens. It would be better if Apple simply posted a “Gallery” of apps, like they do for safari extensions.
12 months ago
Well this is certainly embarrassing for Apple. Especially since they were told about it and have done nothing about it.
12 months ago
This is why I have been using Little Snitch for as long as I can remember. It's not just for pirates, I want to know what is being transmitted to and from my computer.
12 months ago
Perhaps this is just confirmation bias, but every time I hear "China" and "Privacy" it isn't good. Also, why can't iOS have internal checks to tell you what apps are doing and what data they are accessing?
Chinese software, who could have imagined it being a security issue!
As if the states is any better.:rolleyes:
12 months ago
Perhaps this is just confirmation bias, but every time I hear "China" and "Privacy" it isn't good. Also, why can't iOS have internal checks to tell you what apps are doing and what data they are accessing?
[ Read All Comments ]
Tennessee State University last week launched the HBCU C2 Presidential Academy, a new initiative that's designed to expose students of color to coding and app development, reports The...
Apple has asked the Trump administration to exclude components for the new Mac Pro and various accessories like the Magic Mouse and Magic Trackpad from being subject to a 25 percent tariff on Chinese...
Apple Maps vehicles will begin surveying Germany next week, through mid-September, according to the Frankfurter Allgemeine.
The data collected, such as road details, signage, and landmarks,...
Since its introduction with iOS 7, AirDrop has become the favored means for iPhone and iPad users to instantly share photos, videos, documents, and more to nearby Apple devices over Wi-Fi and...
Twelve South today launched a new product called the "StayGo," which is a portable hub that connects to USB-C MacBooks and MacBook Pros.
Note: MacRumors is an affiliate partner with...
The team behind Pixelmator Pro today released a major update for the photo editing app, introducing useful new capabilities that make it easier than ever to edit your photos.
There's now a...
Television maker LG says that updates will soon arrive that make HomeKit and AirPlay 2 available on supported TVs.
LG's Australian support account on Twitter responded to a customer query...
Alongside the launch of iOS 12.4, Apple today released new versions of iOS 9.3.6 and iOS 10.3.4 for older iPhones and iPads that aren't able to run iOS 12.4.
The iOS 9.3.6 update is...
