Advertisement

BuzzFeed News

X
Tech

A Popular Mac App That Stole Users' Browsing History Has Been Removed

Researchers said Adware Doctor was "surreptitiously stealing" users' data. Apple confirmed to BuzzFeed News that it has removed the app from the Mac App Store.

Apple has removed a top Mac app called Adware Doctor, designed to "prevent malware and malicious files from infecting your Mac," which, according to security researchers Patrick Wardle and Privacy 1st, was collecting users' browsing history without their consent, violating Apple's policies.

Apple

Wardle, who shared his findings with TechCrunch, found that Adware Doctor requested access to users' home directory and files — not unusual for an anti-malware or adware app that scans computers for malicious code — and used that access to collect Chrome, Safari, and Firefox browsing history, and recent App Store searches. The data is then zipped in a file called "history.zip" and sent to a server based in China via "adscan.yelabapp.com." Two independent security researchers confirmed to Motherboard that Wardle's report was accurate.

Mac apps are protected by "sandboxing," meaning apps can't access parts of the computer's file system the user hasn't granted permissions to. In this case, sandboxing protections were not bypassed. The user granted access to the home directory and its files, and the app did not explicitly gain consent for what it was doing with that access.

In his blog post, Wardle noted, "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up!"

Security researcher Privacy 1st tweeted that they initially contacted Apple about the Adware Doctor issue on Aug. 12.

@privacyis1st / Twitter

Apple confirmed to BuzzFeed News on Friday that it has removed the app from its Mac App Store, but did not offer further comment. Adware Doctor did not immediately respond to a request for comment.

The next release of macOS, macOS Mojave, will protect content like Safari History or cookies from apps, even those to which users have granted access to their home directory.

Adware Doctor, which costs $5, was the top paid app in the "Utilities" category, and the fifth top paid app overall, before it was removed Friday. The app appears to violate the App Store's "Data Collection and Storage" guidelines, which prohibit developers from "surreptitiously discovering private data" or collecting data without consent. It is unclear whether customers who purchased the app will receive a refund.

Apple

More Mac applications, that researchers found were deploying similar techniques as Adware Doctor, have been removed from the Mac App Store. On Sept. 7, Komros Anti Malware & Adware, which was purportedly published under a second account belonging to the developer of Adware Doctor, was pulled. Director of security software Malwarebytes Labs Thomas Reed also reported that Open Any Files, Dr. Antivirus, and Dr. Cleaner were also sending the same data to a remote server. 9to5Mac reported that those apps were removed on Sept. 9. Apple did not respond to BuzzFeed News' request for comment.


UPDATE

This post was updated to include a tweet from Privacy 1st, which shows emails sent to Apple.

UPDATE

Added information about the upcoming release of macOS Mojave, which will protect users' Safari history and cookies from this kind of access abuse.

UPDATE

More information on additional apps that were removed from the App Store has been added to the story.


Nicole Nguyen is a tech reporter for BuzzFeed News and is based in San Francisco.

Contact Nicole Nguyen at nicole.nguyen@buzzfeed.com.

Got a confidential tip? Submit it here.

Advertisement

Share on Twitter Share on Twitter Twitter Share on Facebook Share on Facebook Facebook Share on System Share on System System