Mac App Store App 'Adware Doctor' Discovered Stealing User Browsing History [Update: Removed]

The number one top-selling paid Utilities app on the Mac App Store in the United States has been found to steal the browser history of anyone who downloads it, and is still on the App Store as of this article. A video posted in August gave a proof of concept to how the app "Adware Doctor" steals user data, and security researcher Patrick Wardle has now looked into the app and shared his findings with TechCrunch.

adware doctor mas
Adware Doctor's Mac App Store page says it will "keep your Mac safe" and "get rid of annoying pop-up ads." Besides being at the top of the Utilities chart on the Mac App Store, Adware Doctor is also currently the number five top paid app on the entire store in the U.S., behind apps like Notability and Apple's own Final Cut Pro.

In his blog post, Wardle explains that Adware Doctor withdraws sensitive user data -- predominantly any website you've searched for and browsed on -- and sends it to servers in China run by the app's makers. Apple was contacted a month ago -- around the time the original proof of concept video was shared online -- and promised it would investigate, but the $4.99 app remains on the Mac App Store.

TechCrunch gave an overview of Wardle's findings:

Wardle found that the downloaded app jumped through hoops to bypass Apple’s Mac sandboxing features, which prevents apps from grabbing data on the hard drive, and upload a user’s browser history on Chrome, Firefox, and Safari browsers.

Wardle found that the app, thanks to Apple’s own flawed vetting, could request access to the user’s home directory and its files. That isn’t out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user’s files to scan for problems. When a user allows that access, the app can detect and clean adware — but if found to be malicious, it can “collect and exfiltrate any user file,” said Wardle.

Once the data is collected, it’s zipped into an archive file and sent to a domain based in China.

Towards the end of his post, Wardle discussed the ramifications of Adware Doctor and the privacy issue it presents, stating, "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f----- up!" The researcher also points out that Apple itself touts the Mac App Store as "the safest place to download apps for your Mac," which is often true.

Given the app violates numerous App Store Rules and Guidelines, namely including user consent on data collection, Wardle hopes that the increased spotlight on Adware Doctor's nefarious data collecting will make Apple take action. Even though Mac App Store customers who used the app would never be able to get their private browsing history back, the researcher says that Apple could begin to address the situation "by pulling the app and refunding all affected users."

Update 8:52 a.m. PT: Apple confirmed that Adware Doctor has been removed from the Mac App Store, along with the developer's other app "AdBlock Master."

Top Rated Comments

themcfly Avatar
32 months ago
And that is what happens when you install a security software in a system that doesn't really need one.
Score: 62 Votes (Like | Disagree)
Bornee35 Avatar
32 months ago


Attachment Image
Score: 31 Votes (Like | Disagree)
Jimmy James Avatar
32 months ago
Why does it always have to be a server in China?
Score: 22 Votes (Like | Disagree)
Trusteft Avatar
32 months ago
Chinese software, who could have imagined it being a security issue!
Score: 21 Votes (Like | Disagree)
stevie grant Avatar
32 months ago
Don't worry. Apple will always do the right thing.

Eventually. Either under penalty of the law, or due to public shaming.
Score: 20 Votes (Like | Disagree)
Logic368 Avatar
32 months ago
Why does the Mac App Store still exist? It only has ****** scam apps and nothing that you actually need. Furthermore, you’re supposed to trust the App Store, because it’s “curated”, but then this kind of stuff happens. It would be better if Apple simply posted a “Gallery” of apps, like they do for safari extensions.
Score: 18 Votes (Like | Disagree)

Top Stories

jon prosser imac 2021colors

Prosser: 2021 iMac to Come in Five Colors, Apple Silicon Mac Pro to Resemble 'Stacked' Mac Minis

Wednesday February 24, 2021 7:26 am PST by
Hit-and-miss leaker Jon Prosser has today alleged that the upcoming 2021 iMac models will offer five color options, mirroring the colors of the fourth-generation iPad Air, and revealed a number of additional details about the Mac Pro with Apple Silicon. In a new video on YouTube channel FrontPageTech, Prosser explained that the redesigned iMacs will come featuring options for Silver, Space ...
First Look Big Sur Feature2

Apple Releases macOS Big Sur 11.2.2 to Prevent MacBooks From Being Damaged by Third-Party Non-Compliant Docks

Thursday February 25, 2021 10:07 am PST by
Apple today released macOS Big Sur 11.2.2, the fourth update to the macOS Big Sur operating system that launched in November. macOS Big Sur 11.2.2 comes two weeks after the release of macOS Big Sur 11.2.1, a bug fix update. The new ‌‌‌‌macOS Big Sur‌‌‌ 11.2.2‌ update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences....
microsoft edge ios android

Bill Gates Says His Preference for Android Over iPhone is Due to Pre-Installed Software

Friday February 26, 2021 3:35 am PST by
Microsoft co-founder Bill Gates this week participated in his first meeting on Clubhouse, the increasingly popular invite-only conversation app, where he fielded a range of questions as part of an ongoing book tour. Gates was interviewed by journalist Andrew Ross Sorkin, and given that the Clubhouse app is currently only available on iOS, naturally one of the questions that came up was...
flat mbp 14 inch feature yellow

Redesigned 14-Inch MacBook Pro Expected to Feature Brighter Mini-LED Display With Slimmer Bezels and More

Thursday February 25, 2021 7:48 am PST by
Apple plans to unveil new 14-inch and 16-inch MacBook Pro models with Mini-LED-backlit displays in the second half of this year, according to industry sources cited by Taiwanese supply chain publication DigiTimes. The report claims that Radiant Opto-Electronics will be the exclusive supplier of the Mini-LED backlight units, while Quanta Computer is said to be tasked with final assembly of the...
m1 mac mini

M1 Mac Users Report Excessive SSD Wear

Tuesday February 23, 2021 7:07 am PST by
Over the past week, some M1 Mac users have been reporting alarming SSD health readings, suggesting that these devices are writing extraordinary amounts of data to their drives (via iMore). Across Twitter and the MacRumors forums, users are reporting that M1 Macs are experiencing extremely high drive writes over a short space of time. In what appear to be the most severe cases, M1 Macs are sai...
steam apple logo

Valve Ordered to Give Apple Information on 436 Steam Games As Part of Epic Games Legal Case

Thursday February 25, 2021 1:50 am PST by
Valve, the makers behind popular game distribution platform Steam, will be forced to hand over aggregate historical sales, price, and other information on 436 games hosted on the store to Apple, as part of the Apple vs. Epic Games antitrust case. As reported in a paywalled report by Law360, during a virtual discovery hearing on Wednesday, U.S. Magistrate Judge Thomas S. Hixson ordered that...
2021 mbp sd slot feature2

Kuo: New MacBook Pro Models With HDMI Port and SD Card Reader to Launch Later This Year

Monday February 22, 2021 8:52 pm PST by
Apple plans to release two new MacBook Pro models equipped with an HDMI port and SD card reader in the second half of 2021, according to analyst Ming-Chi Kuo, who outlined his expectations in a research note obtained by MacRumors. The return of an SD card reader was first reported by Bloomberg's Mark Gurman last month. "We predict that Apple's two new MacBook Pro models in 2H21 will have...
apple store macarthur center

Apple Store at MacArthur Center in Virginia Permanently Closing Following Years of Safety Issues at Shopping Mall

Thursday February 25, 2021 4:45 pm PST by
Apple today indicated that its retail store at the MacArthur Center shopping mall in Norfolk, Virginia will be permanently closing after over 14 years of business, although an exact closure date has yet to be announced by the company. Apple has assured that it will be offering all employees at the store other positions within Apple, and said that it looks forward to continuing to serve...
qualcomm snapdragon x60 5g

iPhone 13 Lineup Expected to Use Qualcomm's Snapdragon X60 Modem With Several 5G Improvements

Wednesday February 24, 2021 8:10 am PST by
Apple's next-generation iPhone 13 lineup will use Qualcomm's Snapdragon X60 5G modem, with Samsung to handle manufacturing of the chip, according to DigiTimes. Built on a 5nm process, the X60 packs higher power efficiency into a smaller footprint compared to the 7nm-based Snapdragon X55 modem used in iPhone 12 models, which could contribute to longer battery life. With the X60 modem, iPhone...
anker magsafe powercore battery pack

Anker Releases MagSafe-Compatible Battery Pack for iPhone 12 Lineup

Tuesday February 23, 2021 7:49 am PST by
Following rumors that Apple is working on a MagSafe battery pack for iPhone 12 models, popular accessory maker Anker has beaten Apple to the punch with the release of its PowerCore Magnetic 5K Wireless Power Bank. First previewed at CES 2021, the PowerCore battery pack magnetically attaches to the back of any iPhone 12 model and provides 5W of wireless charging. With a 5,000 mAh capacity,...