Photo by prettysleepy1 on PIxabay
Popular Mac App Store Utility Turned Out to Be Spyware
Here’s a bit of disturbing news: the top-grossing utility app in the Mac App Store was stealing users’ Web browsing histories. The app, Adware Doctor, managed to sneak past not only Apple’s app review process but also macOS’s sandboxing protections to steal and upload browser histories from Chrome, Firefox, and Safari to servers in China. To add insult to injury, the developers charged $4.99 for the app, which promised to “keep your Mac safe.” Apple has pulled Adware Doctor from the Mac App Store, but if you encounter it on a Mac, delete it with prejudice.
Looks like several people at Apple aren’t doing their jobs.
Hmmm. I looked and found AdwareMedic.app created and modified 2015. Slightly different name than Adware Doctor. I cannot remember when I installed it. Any comments? Can I just drag it to the trash or does it need an uninstall process?
Adware Medic has become Malwarebytes for Mac, so it is no longer being supported or updated. As I recall, it can just be dragged to the trash.
Many of the ones that slip by do things ike
and so on.
Al, Thanks. I’ll do that. Gil
Interesting. However, Apple should be able to compensate for those things during testing.
I would have thought they actually review the code rather than just try out the app (which anybody could do).
Do you have a reference for any of this? I follow such things on a daily basis and work with several who have excellent reverse engineering skills on such things and don’t recall any of the incidents you outline even being being reported.
The things I mentioned are trivial and likely detected by scans of the app binaries. I read about them going back over 5 years ago. One that seems to stick in my mind was a teathering app back before it was allowed.
Now days I’m sure there are more complicated things being done by folks trying to slip by the guardians of the app store. I can think of several ways to hide things that might get by reviewers.
Have you every tried to read the code for a complicated application? Some of these apps likely have over 100K lines of “code” spread accross 100s of modules. And multiple those numbers by 10 or 100 for apps like MS Word or similar.
Join the discussion in the TidBITS Discourse forum