Published in News

Mac security app sent data to China

by on10 September 2018


All your Coldplay are belong to us

A top-grossing Mac App Store app has been stealing users’ browser histories and uploading them to Chinese servers.

Adware Doctor is a top app in Apple's Mac App Store, sitting at number five in the list of top paid apps and leading the list of top utilities apps.

It claims it prevents "malware and malicious files from infecting your Mac" and claims to be one of the best apps to do so.

Security researcher Patrick Wardle said that the software sidesteps Apple's sandboxing features and snags browser histories from Chrome, Firefox and Safari.

"Now, an anti-malware or anti-adware tool is going to need legitimate access to user's files and directories -- for example to scan them for malicious code", Wardle explains.

"However, once the user has clicked 'Allow,' since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file it so chooses."

Wardle points out the app is in violation of Apple's App Store Rules & Guidelines. However, despite being told of the issue a month ago, Jobs’ Mob has ignored the issue. It apparently has now pulled the app.

“Stealing users' browser histories is a serious privacy issue and "rather fucked up", as Wardle puts it. One has to wonder why Apple's own security screening system for Apps failed to spot it.

 

 

Last modified on 10 September 2018
Rate this item
(0 votes)