A top macOS app is stealing users’ browsing history and sending it to China

September 7th, 2018 at 2:24 PM

One of the oldest and most transparent malware tricks is the fake antivirus program, which gullible users are prompted to download with panicked banner ads and a dubious email from the FBI that “your cybers are infected and need cleaning.” It’s the malware equivalent of George Clooney’s crew turning up dressed as the cops in the Ocean’s movies, and normally, it only works for people still running Windows XP.

But according to a former NSA hacker turned security researcher, an app called Adware Doctor — which is the top-grossing paid app in the Utilities section of the Mac App Store — is secretly pilfering users’ browsing history without telling them. If his report (via TechCrunch) is accurate, Apple has known about the malicious behavior for weeks, but it still hasn’t done anything about it.

Patrick Wardle, the aforementioned security researcher, published a report into Adware Doctor on his blog. He credits Twitter user Privacy 1st with noticing the problem, but he conducts a thorough analysis to discover how Adware Doctor steals your browsing history, and where it sends the data to.

According to his analysis, Adware Doctor jumps through a number of hoops to steal and then upload your browser history from Chrome, Safari, and Firefox; the data is then compressed and sent to a server in China, where something is done with it. This, as he clearly explains, is all unethical behavior:

At no point does Adware Doctor ask to exfiltrate your browser history. And its access to this very private data is clearly based on deceiving the user.

Beyond its mistreatment and blatant disrespect of user data, the fact that Adware Doctor “dances around” the Mac App Sandbox seems to clearly be another violation as well. For example, the fact that Apple blocks the invocation of ps illustrates the fact that sandboxed applications should not be enumerating running processes from within the sandbox. If an application developer finds a way around this, this is still a violation.

More worrying than the specific abuse here is how Adware Doctor managed to sneak its malevolent intentions through Apple’s supposedly-watertight security. Apple is famously fanatical about its “walled garden” of apps, and every app that is available for download through Apple’s official stores has — in theory! — been vetted to make sure it complies with Apple’s rules. Not only did Adware Doctor make it through the review process, but Apple still doesn’t appear to have taken any action to remove the app from its store, even though Wardle said he informed Apple about its behavior a month ago.
