Leave a comment

Top app in Apple Store steals your browser history and sends it to China

Top app in Apple Store steals your browser history and sends it to China

When it comes to computers and devices, we generally trust Apple, right? We believe that not only will their products be of a high quality, but that they will be safe for us to use.

The same generally goes for what we can download from their App Store; even if they are not made by Apple, we have an expectation that if it is available there, there should be nothing to worry about.

But apparently that is not the case, at least when it comes to one of the apps that could be downloaded. And downloaded it was, sitting near the top of the list for paid utilities apps.

It's that popular? Oh, this isn't good

The app in question is Adware Doctor, which said it was there to prevent malware and malicious files from infecting your Mac, all for just $4.99. It was adorned with many positive reviews, lending even more credibility.

It also said it was one of the best apps for dealing with malware and bad files, which all sounds good except for the fact that it did more than that -- and in the overachieving way.

Without the knowledge of those who downloaded it, Adware Doctor was taking their browser history -- along with a record of apps you have downloaded and their source -- and downloading that information into a ZIP archive before sending it to servers in China.

The issue was brought to light last month by Twitter user @privacyis1st, who tweeted a video (above) explaining what was discovered and then investigated it with security researcher Patrick Wardle.

From there, Wardle, who wrote about it for his blog Objective-See.com, found that Adware Doctor was able to get around Apple's sandboxing features in order to steal the histories from Chrome, Firefox and Safari.

Given its stated function as an app, Adware Doctor would legitimately need access to the files and directories, but once the user clicks to allow it to work, it will have free rein to do pretty much whatever it likes.

The program does what it says it will, finding and cleaning up adware. If that's all it did, that would be great. But of course, it doesn't stop there.

Indeed, it's a violation of the App Store's rules

Not surprisingly, Adware Doctor's secondary role would seem to be a violation of not only peoples' privacy, but also Apple's App Store Guidelines. Yet at the time this became well known, which was a month after it was first discovered, the app was still available to be purchased.

That's not to say Apple isn't aware of the issue. The researchers behind the discovery reached out to the company in early August, and at the time said they could only share communications about an app with the developer behind it and therefore would not provide updates on the matter.

What you can do

The app is no longer available in the App Store. If you've downloaded this app, delete it. As for the browsing history it sent, there isn't much you can do now. But you may be able to prevent future problems like this.

If you did buy the app, go to your iTunes Account Settings and request a refund and get your money back.

 

A government website exposed Social Security numbers, personal info

Issues with online information are rampant, and not likely to be stopped anytime soon. The latest problem impacted not a business, but the United States government. Tap or click here for more.

Next Story
Source: Engadget
Popular spying app leaks millions of sensitive records
Previous Happening Now

Popular spying app leaks millions of sensitive records

Ant trapped inside monitor drives DJ crazy
Next Happening Now

Ant trapped inside monitor drives DJ crazy

View Comments ()