Apple is often confident about the security of its App Stores. However, sometimes things slip through the net. In the Mac App Store, a highly popular and top-rated utility app turned out to be collecting data about its users, including browsing history, and sending it to a Chinese server, even after Apple had been made aware of this weeks before.


Adware Doctor

The app in question, found on Apple’s Mac App Store, is called Adware Doctor. Posing as an anti-malware tool, it claimed to scan the user’s device and prevent malware and other harmful code from infecting their Mac. Adware Doctor was also very popular: it sat at the top of the paid apps in the Utility category and in fourth place among all paid apps in the store, ahead of Logic Pro X and Final Cut Pro, among others.


Exhibiting spyware-like behavior

While the app kept gaining popularity, a security researcher with the Twitter username @privacyis1st revealed some suspicious spyware-like behavior: the app seemed to be saving user data. The researcher even uploaded a proof-of-concept video of the app stealing files.

With the assistance of ex-NSA staffer Patrick Wardle, a more thorough analysis was performed and posted on Wardle’s blog. They found that the app stole more than previously thought, including user browser history and lists of downloaded apps and running processes, among others, and then sent this data to a Chinese server. To extract this information, the app bypassed Apple’s sandbox restrictions. All of this is in blatant disregard of Apple’s App Store Rules and Guidelines.


Even with the alerts from the researchers and the app’s shady past, including name changes and impersonation of other, legitimate applications, it took a month for it to finally be removed from the store. Users who have previously downloaded the app are therefore urged to remove it. If you are worried about malware on your Mac, make sure to download apps only from verified sources, and especially from companies known to be safe.
