A top paid app in the Mac App Store has been revealed as stealing the browser histories of anyone who downloads and uses it.
Adware Doctor is among the top-grossing paid apps in the App Store’s utilities category. According to a report by TechCrunch, Apple was warned about the data pilfering several weeks ago, although it has still not pulled the app.
The $4.99 app claims to “keep your Mac safe” by getting rid of “annoying pop-up ads,” and discovering and removing threats on macOS.
However, it also downloads users’ browsing history — including all the sites they have searched for or accessed — and sends this to the app makers in China in the form of a zipped folder. This happens regardless of whether you use Chrome, Firefox, or Safari.
The security flaw was discovered by researcher Patrick Wardle, a former NSA hacker and currently chief research officer at cybersecurity startup Digita Security. According to Wardle, the app is somehow able to bypass the sandboxing features on the Mac, which are designed to stop apps from gathering data on users’ hard drives.
It got away with the deception because users expect tools described as anti-malware or anti-adware to scan files for problems, although, obviously, not to copy them.
Privacy on Apple devices
Apple also recently gave users the ability to download a copy of all the data Apple has collected about them — including App Store and iTunes activity, Apple ID account and device information, online and retail store activity, AppleCare support history, and more.