A top-tier app in Apple’s Mac App Store stole your browser history

A popular top-tier app in Apple's Mac App Store was found pilfering browser histories from anyone who downloads it. Yet still, at the time of
writing, the rogue app — Adware Doctor — stands as the No. 1 grossing paid app in the app store's utilities categories.
But Apple was warned weeks ago and did nothing to pull the app offline. Now it seems Apple has pulled the app.
Apple would not comment on the record. Apple's walled garden approach to Mac and iPhone security is almost entirely based on the inability to
install apps outside the app store, which Apple monitors closely.
While it's not uncommon to hear of dangerous apps slipping into Google's Play store, it's nearly unheard of for Apple to face the same fate.
Any app that doesn't meet the company's strict security and sometimes moral criteria will be rejected, and users won't be able to install
it. This app promises to "keep your Mac safe" and "get rid of annoying pop-up ads" — and even "discover and remove threats on your Mac."
But what the app won't tell you is that for just a few bucks it'll steal and download your browser history — including all the sites
you've searched for or accessed — to servers in China run by the app's makers. Thanks in part to a video posted last month on YouTube and
with help from security firm Malwarebytes, it's now clear what the app is up to. Security researcher Patrick Wardle, a former NSA hacker and
now chief research officer at cybersecurity startup Digita Security, dug in and shared his findings with TechCrunch. Wardle found that the
downloaded app jumped through hoops to bypass Apple's Mac sandboxing features, which prevent apps from grabbing data on the hard drive, and
upload a user's browser history on Chrome, Firefox and Safari browsers. Wardle found that the app, thanks to Apple's own flawed vetting, could
request access to the user's home directory and its files.
That isn't out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user's
files to scan for problems.
When a user allows that access, the app can detect and clean adware — but if found to be malicious, it can "collect and exfiltrate any
user file," said Wardle. Once the data is collected, it's zipped into an archive file and sent to a domain based in China.
Wardle said that for some reason in the last few days the China-based domain went offline.
At the time of writing, TechCrunch confirmed that the domain wouldn't resolve — in other words, it was still down. "Let's face it, your
browsing history provides a glimpse into almost every aspect of your life," said Wardle's post.
"And people have even been convicted based largely on their internet searches!" He said that the app's access to such data "is clearly based on
deceiving the user." Apple was contacted weeks ago.
The email it responded with, in not so many words, said "we can't tell you anything," but forwarded the feedback. A meagre $4.99 for the
app may not seem much to the average user, but it's a heavy price to pay for having the app steal your browser history — which users will
never get back.
And given that Apple makes a 30 percent cut of every purchase of this popular app, there isn't much financial incentive to withdraw the app
from the store.

Updated at 9:05am PT: with confirmation that the app has been pulled.