When it comes to computers and devices, we generally trust Apple, right? We believe that not only will their products be of a high quality, but that they will be safe for us to use.
The same generally goes for what we can download from their App Store; even if they are not made by Apple, we have an expectation that if it is available there, there should be nothing to worry about.
But apparently that is not the case, at least when it comes to one of the apps that could be downloaded. And downloaded it was, sitting near the top of the list for paid utilities apps.
It’s that popular? Oh, this isn’t good
The app in question is Adware Doctor, which said it was there to prevent malware and malicious files from infecting your Mac, all for just $4.99. It was adorned with many positive reviews, lending even more credibility.
It also said it was one of the best apps for dealing with malware and bad files, which all sounds good except for the fact that it did more than it advertised, and not in a way its users would welcome.
Without the knowledge of those who downloaded it, Adware Doctor was taking their browser history, along with a record of the apps they had downloaded and the source of each, and packaging that information into a ZIP archive before sending it to servers in China.
The issue was brought to light last month by Twitter user @privacyis1st, who tweeted a video explaining what was discovered and then investigated it with security researcher Patrick Wardle.
From there, Wardle, who wrote about it for his blog Objective-See.com, found that Adware Doctor was able to get around Apple’s sandboxing features in order to steal the histories from Chrome, Firefox and Safari.
Given its stated function as an app, Adware Doctor would legitimately need access to the files and directories, but once the user clicks to allow it to work, it will have free rein to do pretty much whatever it likes.
The program does what it says it will, finding and cleaning up adware. If that’s all it did, that would be great. But of course, it doesn’t stop there.
Indeed, it’s a violation of the App Store’s rules
Not surprisingly, Adware Doctor’s secondary role would seem to be a violation of not only people’s privacy, but also Apple’s App Store Guidelines. Yet at the time this became well known, which was a month after it was first discovered, the app was still available to be purchased.
That’s not to say Apple isn’t aware of the issue. The researchers behind the discovery reached out to the company in early August, and at the time Apple said it could only share communications about an app with the developer behind it and therefore would not provide updates on the matter.
What you can do
The app is no longer available in the App Store. If you’ve downloaded this app, delete it. As for the browsing history it sent, there isn’t much you can do now. But you may be able to prevent future problems like this.
If you did buy the app, go to your iTunes Account Settings and request a refund.