Popular Mac Adware Blocker Found Sending All Browser History to China


The Mac-based Adware Doctor is one of the most popular apps in the Mac App Store and the 4th highest-grossing application. Apple positions the Mac Store as the safest place to download Mac software and literally states in its ad copy that “The safest place to download apps for your Mac is the Mac App Store.” A new investigation of the application, however, proved that Adware Doctor did far more than block advertising.

According to Patrick Wardle of Objective-See, who undertook an investigation of the application, Adware Doctor is a capital piece of spyware — and it took Apple more than a month to remove the app from the Mac Store even once Wardle had turned over his findings. He notes that he worked closely with @privacyis1st to compile the report.

Image by Objective-See

While Adware Doctor does indeed contain a malware detection database, when you actually tell it to clean your system, it gets busy… exfiltrating all of your data. It then creates a file to hold this information (history.zip) and contacts its own servers to upload it. It exports your entire browser history, along with data from the App Store and other information. This, it must be noted, should be impossible. Apps downloaded from the App Store are supposed to be immune to this kind of exfiltration. But Adware Doctor requests permission to access the Home directory (for the purposes of performing a malware scan), which means it has also been granted permission to perform a whole host of other activities, including gathering your browser history.
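As an added illustration (my own sketch, not code from Objective-See or the report), here is a small Python detector for the sequence just described, run over process, file and network event records: a process opens a browser history database, writes out history.zip, then opens an outbound connection. The browser history paths, the event record format and the sample events are assumptions and are constructed for the example.

```python
"""Toy detector for the Adware Doctor pattern: read browser history,
pack it into history.zip, then connect out. Event format is assumed."""
from collections import defaultdict
from fnmatch import fnmatch

# Default history locations of common macOS browsers (assumed, not from the article).
HISTORY_GLOBS = (
    "*/Library/Safari/History.db",
    "*/Library/Application Support/Google/Chrome/*/History",
    "*/Library/Application Support/Firefox/Profiles/*/places.sqlite",
)

def flag_history_exfil(events):
    """events: iterable of dicts with keys pid, proc, op, path, where op is
    'open', 'write' or 'connect' and path is a file path or host:port.
    Returns one finding per pid that completed read -> archive -> connect, in that order."""
    stage = defaultdict(int)       # pid -> how far along the chain it got (0..3)
    evidence = defaultdict(list)   # pid -> paths/hosts that advanced the chain
    names, findings = {}, []
    for ev in events:
        pid, op, path = ev["pid"], ev["op"], ev["path"]
        names[pid] = ev["proc"]
        if stage[pid] == 0 and op == "open" and any(fnmatch(path, g) for g in HISTORY_GLOBS):
            advanced = True                      # step 1: touched a history database
        elif stage[pid] == 1 and op == "write" and path.lower().endswith("history.zip"):
            advanced = True                      # step 2: staged the archive
        elif stage[pid] == 2 and op == "connect":
            advanced = True                      # step 3: went to the network
        else:
            advanced = False
        if advanced:
            stage[pid] += 1
            evidence[pid].append(path)
            if stage[pid] == 3:
                findings.append({"pid": pid, "proc": names[pid], "evidence": list(evidence[pid])})
    return findings

# Constructed sample: Safari reading its own history is benign; pid 202 is the pattern.
SAMPLE_EVENTS = [
    {"pid": 101, "proc": "Safari", "op": "open", "path": "/Users/alice/Library/Safari/History.db"},
    {"pid": 101, "proc": "Safari", "op": "connect", "path": "www.apple.com:443"},
    {"pid": 202, "proc": "Adware Doctor", "op": "open", "path": "/Users/alice/Library/Safari/History.db"},
    {"pid": 202, "proc": "Adware Doctor", "op": "open",
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/History"},
    {"pid": 202, "proc": "Adware Doctor", "op": "write", "path": "/tmp/history.zip"},
    {"pid": 202, "proc": "Adware Doctor", "op": "connect", "path": "198.51.100.7:443"},
    {"pid": 303, "proc": "Backup Tool", "op": "write", "path": "/Volumes/Backup/history.zip"},
]

if __name__ == "__main__":
    for f in flag_history_exfil(SAMPLE_EVENTS):
        print(f"pid {f['pid']} ({f['proc']}): {' -> '.join(f['evidence'])}")
```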

Image by Objective-See

There are also some previously unacknowledged holes in Apple’s sandboxing capabilities, given that the malware is able to extract a list of all running processes (Wardle steps through how it accomplishes this). But the larger issue here is that all of this is taking place under Apple’s very nose, in an application that has supposedly been through a rigorous review process, with multiple capabilities that fly directly in the face of Apple’s published rules.

Apps that collect and store data must receive permission to do so. Apps must not trick or force people to reveal information unnecessarily. Developers that use these or similar surreptitious behaviors will have their apps removed from the App Store.

Apple did finally remove Adware Doctor from the App Store once this story started to break, but as Wardle notes, he reported his findings to Apple a month ago and was promised a swift response. That response only happened once Apple realized the issue had gone public. In the meantime, every single person who bought or used Adware Doctor in the 30 days since Wardle made the initial report has had their data exfiltrated to China.

The App Store is the safest place to download apps for your Mac. Except, of course, when Apple knowingly distributes malware for at least a month.
