Apple has finally removed a popular anti-malware program called Adware Doctor from the Mac App Store for allegedly stealing user data, almost a month after an unidentified cyber-security researcher, who goes by @privacy1st on Twitter, first contacted the company with their concerns regarding the software. According to the researcher, the program was collecting users’ browsing history on the sly and sending them over to servers in China.
What is sad is that it was reported by me on 12th of August and Apple didn't even care… Attached are email screenshots pic.twitter.com/v6G783h1rA
— Privacy 1st (@privacyis1st) September 7, 2018
Privacy 1st also made a proof-of-concept video detailing suspicious behavior in the app, following which, cyber-security researchers Patrick Wardle of Digita Security and Thomas Reed of Malwarebytes independently investigated it, and found the claims to be valid.
According to their investigation, Adware Doctor used its elevated permissions to collect the browsing data from Chrome, Safari and Firefox, and send them to a server in China via ‘adscan.yelabapp.com’ as part of a zipped filed called ‘history.zip’.
Prior to its removal, the app was priced at $5, and was the number one paid app in its category on the platform. It described itself as a security software that’s designed to “prevent malware and malicious files from infecting your Mac”, but as it apparently turns out, only used its supposed anti-adware credentials as a cover to bypass Apple’s sandboxing and gain access to users’ home directory.
Apple hasn’t yet issued an official statement on the removal of Adware Doctor from the Mac App Store, but the software is believed to have violated the company’s “Data Collection and Storage“ guidelines, which warn developers that they “may not use, transmit, or share someone’s personal data without first obtaining their permission”. The guidelines further state that, “Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law”.
