Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China.
Adware Doctor, which sold for $4.99 and was listed last week among the highest grossing apps in the “Paid Utilities” category of the macOS App Store, promised it would “keep your Mac safe”, “get rid of annoying pop-up ads” and “discover and remove threats on your Mac.”
What users did not know, however, was that the app had skirted around macOS’s sandboxing features and was silently exfiltrating data to servers based in China, thereby violating the App Store’s “Data Collection and Storage” guidelines.
The data exfiltrated from users’ computers included:
- Chrome browser history
- Firefox browser history
- Safari browser history
- A list of running processes
- A list of software that you have downloaded
Not only could an unauthorized party now keep track of which websites you had visited in the past and what you had been reading; they also knew what programs you had running on your Mac computer.
Adware Doctor’s suspicious behavior was uncovered after an investigation conducted by security researchers @privacyis1st (who made a video demonstrating the app’s behind-the-scenes behaviour) and Patrick Wardle.
Monitoring network activity, the researchers were able to show that the app created a file called “history.zip” and sent it to a server based in China. And to make matters even worse, the history.zip file was ‘protected’ with the trivial password “webtool” (hardcoded in plaintext).
Privacy 1st claims that he privately informed Apple of the problem concerning Adware Doctor and two other apps on August 12th, but it appears that no action was taken until he and Wardle published their findings on Friday last week.
Since the discovery was made public, it has come to light that there are a number of (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/apps-that-steal-users-browser-histories-kicked-out-of-the-mac-app-store/