Apple culls “privacy” tool that stole users’ browsing history and sent it to China from App Store

The most popular “privacy” tool in Apple’s Mac App Store, which was stealing users’ browsing history and sending it to China, has been taken offline from the store.

Adware Doctor, a $5 “privacy” tool with a long history of shady activity (including switching off users’ privacy protection!) and reviews that were a long string of obvious fakes, was the fourth highest-ranked paid app in the Mac App Store.

As new research from Patrick Wardle reveals, Adware Doctor surreptitiously gathers its users’ complete browsing history and exfiltrates it to a mysterious server in China. In a post on his site Objective-See, Wardle explains in great detail how the app collects a user’s browsing history from Chrome, Firefox, or Safari, stores this data within an encrypted file, and then sends it to servers in China.

Twitter user Privacy1st actually discovered the app was stealing user browsing history weeks ago and had reported it to Apple on Aug. 14, but the company didn’t take action until Sept. 7. The $5 Adware Doctor app is supposed to “clean” your Mac of, well, adware, by “removing extensions, cookies, caches to restore your browser”, but it doesn’t do any of that.

After his findings bubbled up online, Apple removed Adware Doctor from the Mac App Store. That said, consider this a PSA for anyone who has the app installed: Uninstall it immediately if you care about your data.

This case also makes you wonder how many other apps in the Mac App Store might be misleading users, pretending to be one thing even though they’re actually spyware.

Apple touts the Mac App Store as “the safest place to download apps for your Mac” and says it “reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store.”

Optional App Stores — like Ubuntu’s Software Center and Android’s Google Play — are handy ways to get curated lists of software, and so long as they don’t overpromise (by guaranteeing that they’ll keep malware out of the store), users have a better chance of understanding the risks they take when they install their offerings. But when an App Store is mandatory — literally the only way to get apps for your device — then the responsibilities placed on the store’s operator get a lot more serious: they have to moderate perfectly, not over- or under-blocking. No one is perfect.

More from Mashable & Wired
