“A popular top-tier app in Apple’s Mac App Store was found pilfering browser histories from anyone who downloads it,” Zack Whittaker reports for TechCrunch. “Yet still, at the time of writing, the rogue app — Adware Doctor — stands as the No.1 grossing paid app in the app store’s utilities categories. But Apple was warned weeks ago and did nothing to pull the app offline.”
“While it’s not uncommon to hear of dangerous apps slipping into Google’s Play store, it’s nearly unheard of for Apple to face the same fate,” Whittaker reports. “Any app that doesn’t meet the company’s strict security and sometimes moral criteria will be rejected, and users won’t able to install it.”
“This app promises to ‘keep your Mac safe’ and ‘get rid of annoying pop-up ads’ — and even ‘discover and remove threats on your Mac,'” Whittaker reports. “But what the app won’t tell you is that for just a few bucks it’ll steal and download your browser history — including all the sites you’ve searched for or accessed — to servers in China run by the app’s makers.”
Read more in the full article here.
“There is rather a MASSIVE privacy issue here. Let’s face it, your browsing history provides a glimpse into almost every aspect of your life. And people have even been convicted of murder based largely on their internet searches,” Patrick Wardle writes for Objective-See. “Adware Doctor has a long history of questionable behavior, and now acts in a manner that clearly violates Apple’s App Store stringent rules and policies…in many ways!”
“Though this was reported to Cupertino through official channels a month ago, the app remains in the Mac App Store even today!” Wardle writes. “The good news is, Apple can decisively act restoring our faith in both the Mac App Store, but more importantly in their commitment to all us users. How? Easy! By pulling the app and refunding all affected users. As though we’ll never get our browser history back, recovering our hard-earned money would be a start! Your move Apple.”
Read more in the full article here.
MacDailyNews Take: Apple, do the right thing and protect your claim of offering superior privacy protections to users of Apple products: Pull the app and issue refunds to Mac App Store customers who trusted Apple to protect them from such unscrupulous, privacy-trampling dreck.
MacDailyNews Note: 2:25pm EDT: TechCrunch reports that Apple has pulled Adware Doctor from their Mac App Store.
Apple has an opportunity to be a real industry leader in protecting the privacy of their users. The Apple App Store merely pays lip service to it. I should not have to read the lengthy and often unclear privacy policy of every app I download. After all, wasn’t that the main purpose of the walled garden that is the App Store?
That I must “opt in” to countless apps in order to be able to get any meaningful use of them, is a huge failure on Apple’s part. They claim the apps on their store are safe and that has never been 100% true.
I should be able to filter the search for apps that protect my privacy 100% such as: We don’t collect any of your information for any purpose whatsoever and will not do so in the future even if we are bought by another company.
Can’t Apple make the devices transmit some sort of variable information that exists only on the device and changes randomly?
This is beyond ridiculous at this point. I don’t feel like I can even trust Apple anymore because this is too many times they have been caught NOT guarding their hen house and not responding quickly to a real threat when notified.
I have a difficult time believing that the purchaser of a company would not make immediate use of the newly-acquired user data since personal data and its network of contacts I think is the most valuable part of the acquisition.
Regarding: “…and will not do so in the future even if we are bought by another company….”
To clarify, I was trying to say, there wouldn’t be any user information to sell, if they had not ever collected it and that terms of sale would be such as to require no change ever to whatever the privacy policy rules were at the time the data was collected. Apple could mandate this or something similar.
Further, when apps do the bait and switch on their privacy policies, under the guise of sending an update notice about those changes, they should not be allowed to bury those changes within 20 pages of legal documents, but to state them forthright and give the user not only the option of accepting but of rejecting and simultaneously, with a simple selection button, delete all previously acquired user data and close the account. OK, maybe a few selection buttons here.
Apple needs to fix this!
According to the current posting on TechCrunch, Apple has pulled the app.
Class action lawsuit against Adware Doctor.
How are you going to sue a company in China? If there is a suit, it will be against Apple. I suspect some attorneys somewhere are already plotting this out.
And should
“Adware Doctor also turns out to have pushed the boundaries for years. Reed says that Malwarebytes originally started tracking it in 2015, when it was called Adware Medic, which was also the name of a legitimate scanner Reed had developed. Malwarebytes notified Apple and the company removed the app, but Reed says it resurfaced in the App Store within days as Adware Doctor.”
“Malwarebytes continued to track the app over the years and found it suspect, because the app’s functionality was limited—its protections are based on generic, open-source offerings rather than effective, tailored tools. But the new findings from Privacy 1st indicate that the app may have recently added expanded suspicious functionality through an update. “It’s been scammy for awhile, but that was new behavior that we hadn’t observed before,” Reed says.”
From Wired 9/7/2018 – One of Most Popular Mac Apps Acts Like Spyware
Heh, Malwarebytes.
I guess it’s official, all “security” software for the Mac is just malware.
Always have been…