Apple has been forced to remove one of the most popular security apps on its Mac App Store after it was found to be secretly exfiltrating browser data to China.
Adware Doctor had a 4.8-star rating off the back of over 7000 user reviews and sat at the top of the list of paid utility apps.
However, despite running as an anti-malware and anti-adware product, the Mac application was also found to be engaged in some rather dubious activities.
Specifically, researchers noted it had been gathering browser history from Chrome, Safari and Firefox users, along with a list of all running processes and software downloads before sending to AWS servers administered by someone in China.
“Most of this is data that App Store apps should not be accessing, much less exfiltrating. In the case of the list of running processes, the app had to work around blockages that Apple has in place to prevent such apps from accessing that data,” explained Malwarebytes director of Mac and mobile, Thomas Reed.
“The developers found a loophole that allowed them to access that data despite Apple’s restrictions.”
Reed claimed that the app itself has a long track record of unscrupulous behaviour: it was previously called “Adware Medic” — a title which Reed said was a “rip off” of his app of the same name. Once Apple was informed of this, the developer simply changed the name to Adware Doctor.
The case seems to call into question Apple’s vetting process for apps on its official marketplace.
“We’ve continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple’s review process, is always replaced by a new version before long,” said Reed.
Other official App Store applications tracked by Reed which are actively exfiltrating user data to the developer’s servers include Open Any Files, Dr Antivirus, and Dr Cleaner.
“It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be. I’ve been saying this for several years now, as we’ve been detecting junk software in the App Store for almost as long as I’ve been at Malwarebytes,” concluded Reed.
“I strongly encourage you to treat the App Store just like you would any other download location: as potentially dangerous. Be cautious of what you download. A free app from the App Store may seem perfectly innocent and harmless, but if you have to give that app access to any of your data as part of its expected functionality, you can’t know how it will use that data. Worse, even if you don’t give it access, it may find a loophole and get access to sensitive data anyway.”