- Security researchers have found that Adware Doctor, a top paid app, is acting like spyware.
- Adware Doctor is found to send user and system process information to a Chinese server.
- The researchers say Apple is yet to take any action on the app’s listing in the App Store despite reminders.
The Mac App Store is a trusted source for downloading curated apps and Apple’s strict app submission guidelines are well known. Apparently, all is not rosy as security researchers have found spyware apps in the Store that can collect personally identifiable information from unsuspecting users. A researcher who goes by the name ‘Privacy 1st‘ has identified one such app called Adware Doctor that, interestingly, sits 4th on the list of Top Paid Apps in the Mac App Store.
Top Sold MacOS AppStore application is ROGUE. Adware Doctor is stealing your privacy. PoC: https://t.co/LmveX593q0#malware #virus #MacOS #Apple #MacBook #MacBookPro #CyberSecurity #privacy #GDPR #Hacking #hackers #cyberpunk #Alert
— Privacy 1st (@privacyis1st) August 20, 2018
Privacy 1st’s investigations were confirmed independently by other Mac security researchers such as Patrick Wardle of Digita Security and Thomas Reed of Malwarebytes. They found that Adware Doctor collects user information such as browsing history and a list of processes running on the installed computer, stores the data in a locked file and sends it out to some server in China. These activities are in brazen violation of the App Store policies but Apple is apparently yet to take any action.
The researchers have found that Adware Doctor asks the user permission for accessing the macOS Home folder, which is when it starts collecting user data. This is despite the fact that Mac apps are sandboxed from each other. While traditional Mac apps generally have system-wide permissions, apps downloaded from the App Store operate in isolation. Therefore, it’s kind of surprising that a filesystem scanner app is being listed on the App Store. The App Store itself though is not immune to apps being ranked higher due to fake reviews. Apple hasn’t responded to Privacy 1st’s or Malwarebytes’ report and in the meanwhile, the app is reportedly making quite a chunk of money for both itself and Apple.
As always, we advise users that prevention is better than cure and they should always exercise due diligence while downloading software irrespective of whether the app is from a first-part or a third-party source.