Note: This is a developing story, we will update the information when there is a progess.

Recently, a German security researcher, who goes by the name Privacyis1st on Twitter, spotted one of the top grossing paid apps (#1 app in the utility category) on the Mac App Store – Adware Doctor – stealing users’ browsing history while sending it back to a China-based domain.

adware doctor

The app has been removed from the App Store yesterday, after the buzz, finally! But, that’s not the end of the story.

Was Apple aware of it a month back? Yes….

So, here’s the shocker: Apple was well-aware of this report for over a month and it only took action after the news hit the buzz.

In my opinion, they shouldn’t have just taken down the app from the app store, they should also refund the money.

Apple states that the app store is the safest place to download apps for its devices, but if this wasn’t for a security researcher, the top grossing app would have banked in a lot more money while stealing users’ data. And, Apple let it happen for a month, even after being aware of it?

If you’re curious about the technical details of how the app managed to steal your browsing data, Patrick Wardle in collaboration with @Privacyis1st published a blog post about the research.

Two more popular apps on the Mac App Store does the same – Wait, What?!

Now, the security researchers have spotted two more apps on the App Store.

Dr. Antivirus” and “Dr. Cleaner” which are again two of the most popular applications utilized by Mac users developed by a reputed cybersecurity company Trend Micro.

dr antivirus

Thomas Reed – a self-trained Apple security expert from Malwarebytes also looked into the matter and published a post explaining in brief about the results.

Here’s what he mentioned:

“Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around storage and protection of personally identifiable information like organizations based in the US or EU.”

So, it’s definitely a thing to worry about.

Should you treat the App Store potentially “dangerous”? Yes!

In addition to what Malwarebytes found out, they clearly mentioned that you should treat the App Store just like any other download store – with potential apps that exfiltrate your data.

They further clarified the situation of Apple being ignorant as well:

” We’ve reported software like this to Apple for years, via a variety of channels, and there is rarely any immediate effect. In some cases, we’ve seen offending apps removed quickly, although sometimes those same apps have come back quickly (as was the case with Adware Doctor). In other cases, it has taken as long as six months for a reported app to be removed.

In many cases, apps that we have reported are still in the store. Case in point…all of the above.”

While we’re still waiting for the apps to removed from the App Store, what do you think about it? Let us know your thoughts in the comments below.

 

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Sourav Rudra Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Sourav Rudra
Guest
Sourav Rudra

Like why would anyone want to use cleaner application on Mac, isn’t it the most optimized OS for a laptop?, still it’s sad to see Apple not removing these applications earlier.