We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. A popular Mac app called Adware Doctor appears to actually be a piece of spyware that can secretly send your browser history to China. On Friday, a pair of security researchers published a report that details how the app will secretly log your browser history into a password-protected zip file, which is then uploaded to a server based in China. The app will specifically harvest what websites you've visited over the Safari, Chrome, and Firefox browsers. In addition, Adware Doctor will also steal your search history in iTunes, and figure out any other apps you have installed on a Mac. "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up!" wrote Patrick Wardle and another security researcher who goes by the name "Privacy 1st." Privacy 1st spotted the app's spyware function in August and notified Apple. However, the product remained on the App Store until Friday morning, when the media began reporting on the security researchers' findings. Why Apple didn't act sooner to take down the app isn't totally clear. But the company told PCMag it did, indeed, pull the product from the App Store. On Friday, before it was removed, the $4.99 Adware Doctor ranked as the fifth top paid app on Apple's official store. In a blog post, security firm Malwarebytes said it has had its eye on the app since 2015. "At that time, we discovered an app on the App Store named Adware Medic—a direct rip-off of my own highly successful app of the same name, which became Malwarebytes for Mac," wrote Thomas Reed, director of Mac and mobile at Malwarebytes. "We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor." Reed said Malwarebytes has "continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple's review process, is always replaced by a new version before long." Adware Doctor's developer is listed as Yongming Zhang; no website or contact information is provided. On the positive side, Wardle and Privacy 1st note the app does appear to actually clear your browser of adware; the data collection also appears to have stopped a few days ago. However, the whole issue highlights the risk of simply assuming everything on the Mac App Store is safe. Adware Doctor had received over 6,000 five-star reviews, but the security researchers are doubtful the positive claims are real. Installed software from the Mac App Store is usually restricted from accessing other applications on your computer. However, Adware Doctor will bypass this restriction by asking the user for access to a Mac's home directory, under the pretense of needing to scan your computer for adware and malware. As a result, the app can skirt macOS's built-in "sandbox" protections. "At no point does Adware Doctor ask to exfiltrate your browser history. And its access to this very private data is clearly based on deceiving the user," the researchers wrote. Apple told PCMag that macOS Mojave, expected in the fall, will include a new privacy protection that'll prevent wayward apps from pulling browser histories from Safari. This protection will be in place even when a user grants an app access to the computer's home directory. However, Apple hasn't commented on what it'll do to stop other spyware-like apps from infiltrating the App Store.
Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.
We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. A popular Mac app called Adware Doctor appears to actually be a piece of spyware that can secretly send your browser history to China. On Friday, a pair of security researchers published a report that details how the app will secretly log your browser history into a password-protected zip file, which is then uploaded to a server based in China. The app will specifically harvest what websites you've visited over the Safari, Chrome, and Firefox browsers. In addition, Adware Doctor will also steal your search history in iTunes, and figure out any other apps you have installed on a Mac. "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up!" wrote Patrick Wardle and another security researcher who goes by the name "Privacy 1st." Privacy 1st spotted the app's spyware function in August and notified Apple. However, the product remained on the App Store until Friday morning, when the media began reporting on the security researchers' findings. Why Apple didn't act sooner to take down the app isn't totally clear. But the company told PCMag it did, indeed, pull the product from the App Store. On Friday, before it was removed, the $4.99 Adware Doctor ranked as the fifth top paid app on Apple's official store. In a blog post, security firm Malwarebytes said it has had its eye on the app since 2015. "At that time, we discovered an app on the App Store named Adware Medic—a direct rip-off of my own highly successful app of the same name, which became Malwarebytes for Mac," wrote Thomas Reed, director of Mac and mobile at Malwarebytes. "We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor." Reed said Malwarebytes has "continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple's review process, is always replaced by a new version before long." Adware Doctor's developer is listed as Yongming Zhang; no website or contact information is provided. On the positive side, Wardle and Privacy 1st note the app does appear to actually clear your browser of adware; the data collection also appears to have stopped a few days ago. However, the whole issue highlights the risk of simply assuming everything on the Mac App Store is safe. Adware Doctor had received over 6,000 five-star reviews, but the security researchers are doubtful the positive claims are real. Installed software from the Mac App Store is usually restricted from accessing other applications on your computer. However, Adware Doctor will bypass this restriction by asking the user for access to a Mac's home directory, under the pretense of needing to scan your computer for adware and malware. As a result, the app can skirt macOS's built-in "sandbox" protections. "At no point does Adware Doctor ask to exfiltrate your browser history. And its access to this very private data is clearly based on deceiving the user," the researchers wrote. Apple told PCMag that macOS Mojave, expected in the fall, will include a new privacy protection that'll prevent wayward apps from pulling browser histories from Safari. This protection will be in place even when a user grants an app access to the computer's home directory. However, Apple hasn't commented on what it'll do to stop other spyware-like apps from infiltrating the App Store.