By the things that are said about Apple and its app stores, both macOS and iOS, it would be easy to think that they’re on top of everything. They’re always limiting apps, deleting apps that don’t have certain protections, etc. But somehow spyware disguised as anti-malware, Adware Doctor, was allowed into the Mac App Store.
And this wasn’t just any app in the Mac App Store – Adware Doctor was one of the top paid utilities. The app said it would protect your Mac from malware. At just $5, the offering sounded great.
But it was really spyware disguised as anti-malware. Security researchers found that Adware Doctor was collecting users’ browsing history on Safari, Chrome, and Firefox, and it would then send that data to a server based in China.
This app had a history with Apple as well. Originally it was named “Adware Medic,” but it seemed to be intentionally trying to mimic “AdwareMedic,” an app that Malwarebytes acquired. Apple eliminated the impostor.
But the app came back with the name of Adware Doctor, and Apple allowed it this time. It managed to earn many five-star reviews, but the legitimacy of the reviews is in question.
Along with giving away users’ browsing history, Adware Doctor also had access to iTunes search history and the other apps that were installed on users’ Macs. It didn’t have to deal with the sandbox protections on the Mac because it was supposed to be scanning your system for spyware and malware.
Malicious Behavior Discovered
According to 9to5 Mac, Patrick Wardle, a security researcher with Privacy 1st, said he notified Apple of the malicious behavior of the app. Multiple tech outlets reported on the app’s behavior, and Apple finally removed the app for the second time on September 7.
Wardle found that the first time the app was run, it was requesting universal access. This allowed it to get information found on other apps, such as Safari browsing history.
Interestingly enough, his research showed that the app really does clear adware from your browser, and the app has stopped collecting data. 9to5 Mac says the Chinese server is now offline, but it could always go back online.
According to Apple, MacOS Mojave will bring new privacy protections that will prevent apps such as Adware Doctor from accessing Safari browsing history.
Despite the fact the app was eventually removed from the Mac App Store, the problems with it should still make Mac users wary. There were 6,000 positive reviews. If you were trying to do your homework and checked out the reviews, you’d think it was a great app. They scammed the system as well as the users.
Additionally, Thomas Reed, director of Mac and mobile at Malwarebytes, says they have worked with Apple in the past to remove fake apps. The problem is that they often reappear with a new version and a new name.
“It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be,” he said.
What do you think Apple should do to fix this problem, to eliminate the possibility of malicious and/or fake apps being available for downloading? Let us know your suggestions in the comments section below.