Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
A MacBook Air with creepy eyes on the screen, an old iPhone, and an espresso.

Photo by prettysleepy1 on PIxabay


Popular Mac App Store Utility Turned Out to Be Spyware

Here’s a bit of disturbing news: the top-grossing utility app in the Mac App Store was stealing users’ Web browsing histories. The app, Adware Doctor, managed to sneak past not only  Apple’s app review process but also macOS’s sandboxing protections to steal and upload browser histories from Chrome, Firefox, and Safari to servers in China. To add insult to injury, the developers charged $4.99 for the app, which promised to “keep your Mac safe.” Apple has pulled Adware Doctor from the Mac App Store, but if you encounter it on a Mac, delete it with prejudice.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Popular Mac App Store Utility Turned Out to Be Spyware

Notable Replies

  1. Looks like several people at Apple aren’t doing their jobs.

  2. Hmmm. I looked and found created and modified 2015. Slightly different name than Adware Doctor. I cannot remember when I installed it. Any comments? Can I just drag it to the trash or does it need an uninstall process?

  3. Adware Medic has become Malwarebytes for Mac, so it is no longer being supported or updated. As I recall, it can just be dragged to the trash.

  4. Many of the ones that slip by do things ike

    • turn off the bad things until several weeks or months after submission.
    • behave if they geo locate to somewhere near the bay area
    • behave if any IP address starts with 17.x.x.x
    • behave if any user settings seem to be tied to
      and so on.
  5. Al, Thanks. I’ll do that. Gil

  6. Interesting. However, Apple should be able to compensate for those things during testing.

  7. I would have thought they actually review the code rather than just try out the app (which anybody could do).

  8. Do you have a reference for any of this? I follow such things on a daily basis and work with several who have excellent reverse engineering skills on such things and don’t recall any of the incidents you outline even being being reported.

  9. The things I mentioned are trivial and likely detected by scans of the app binaries. I read about them going back over 5 years ago. One that seems to stick in my mind was a teathering app back before it was allowed.

    Now days I’m sure there are more complicated things being done by folks trying to slip by the guardians of the app store. I can think of several ways to hide things that might get by reviewers.

  10. Have you every tried to read the code for a complicated application? Some of these apps likely have over 100K lines of “code” spread accross 100s of modules. And multiple those numbers by 10 or 100 for apps like MS Word or similar.

    It would be a hopeless task. In just the time required. Much less understanding the code base. And what about code written in Hindi? Or code run through things to deliberately make it hard to decipher. (Think of JavaScript downloaded by Google web apps.) Not to mention NDA and trade secret issues.

Join the discussion in the TidBITS Discourse forum


Avatar for jcenters Avatar for Simon Avatar for romad Avatar for alvarnell Avatar for raleighthings Avatar for gil_woolley