Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

A Popular Mac App That Stole Users' Browsing History Has Been Removed

Researchers said Adware Doctor was "surreptitiously stealing" users' data. Apple confirmed to BuzzFeed News that it has removed the app from the Mac App Store.

Last updated on September 10, 2018, at 2:08 p.m. ET

Posted on September 7, 2018, at 12:06 p.m. ET

Apple has removed a top Mac app called Adware Doctor, designed to "prevent malware and malicious files from infecting your Mac," which, according to security researchers Patrick Wardle and Privacy 1st, was collecting users' browsing history without their consent, violating Apple's policies.


Wardle, who shared his findings with TechCrunch, found that Adware Doctor requested access to users' home directory and files — not unusual for an anti-malware or adware app that scans computers for malicious code — and used that access to collect Chrome, Safari, and Firefox browsing history, and recent App Store searches. The data is then zipped in a file called "" and sent to a server based in China via "" Two independent security researchers confirmed to Motherboard that Wardle's report was accurate.

Mac apps are protected by "sandboxing," meaning apps can't access parts of the computer's file system the user hasn't granted permissions to. In this case, sandboxing protections were not bypassed. The user granted access to the home directory and its files, and the app did not explicitly gain consent for what it was doing with that access.

In his blog post, Wardle noted, "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up!"

Security researcher Privacy 1st tweeted that they initially contacted Apple about the Adware Doctor issue on Aug. 12.

What is sad is that it was reported by me on 12th of August and Apple didn't even care... Attached are email screenshots

@privacyis1st / Twitter

Apple confirmed to BuzzFeed News on Friday that it has removed the app from its Mac App Store, but did not offer further comment. Adware Doctor did not immediately respond to a request for comment.

The next release of macOS, macOS Mojave, will protect content like Safari History or cookies from apps, even those to which users have granted access to their home directory.

Adware Doctor, which costs $5, was the top paid app in the "Utilities" category, and the fifth top paid app overall, before it was removed Friday. The app appears to violate the App Store's "Data Collection and Storage" guidelines, which prohibit developers from "surreptitiously discovering private data" or collecting data without consent. It is unclear whether customers who purchased the app will receive a refund.


More Mac applications, that researchers found were deploying similar techniques as Adware Doctor, have been removed from the Mac App Store. On Sept. 7, Komros Anti Malware & Adware, which was purportedly published under a second account belonging to the developer of Adware Doctor, was pulled. Director of security software Malwarebytes Labs Thomas Reed also reported that Open Any Files, Dr. Antivirus, and Dr. Cleaner were also sending the same data to a remote server. 9to5Mac reported that those apps were removed on Sept. 9. Apple did not respond to BuzzFeed News' request for comment.

@objective_see @Apple @privacyis1st It's the same developer as the "Komros Anti Malware & Adware" MAS app, only using a different name. Uses the same URLs to send the user data to. Both apparently steal browser history, google search history, MAS search history.


This post was updated to include a tweet from Privacy 1st, which shows emails sent to Apple.


Added information about the upcoming release of macOS Mojave, which will protect users' Safari history and cookies from this kind of access abuse.


More information on additional apps that were removed from the App Store has been added to the story.

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.