Note: This is a developing story, we will update the information when there is a progess.
Recently, a German security researcher, who goes by the name Privacyis1st on Twitter, spotted one of the top grossing paid apps (#1 app in the utility category) on the Mac App Store – Adware Doctor – stealing users’ browsing history while sending it back to a China-based domain.
The app has been removed from the App Store yesterday, after the buzz, finally! But, that’s not the end of the story.
Was Apple aware of it a month back? Yes….
So, here’s the shocker: Apple was well-aware of this report for over a month and it only took action after the news hit the buzz.
In my opinion, they shouldn’t have just taken down the app from the app store, they should also refund the money.
Apple states that the app store is the safest place to download apps for its devices, but if this wasn’t for a security researcher, the top grossing app would have banked in a lot more money while stealing users’ data. And, Apple let it happen for a month, even after being aware of it?
Two more popular apps on the Mac App Store does the same – Wait, What?!
Now, the security researchers have spotted two more apps on the App Store.
Here’s what he mentioned:
“Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around storage and protection of personally identifiable information like organizations based in the US or EU.”
So, it’s definitely a thing to worry about.
Should you treat the App Store potentially “dangerous”? Yes!
In addition to what Malwarebytes found out, they clearly mentioned that you should treat the App Store just like any other download store – with potential apps that exfiltrate your data.
They further clarified the situation of Apple being ignorant as well:
” We’ve reported software like this to Apple for years, via a variety of channels, and there is rarely any immediate effect. In some cases, we’ve seen offending apps removed quickly, although sometimes those same apps have come back quickly (as was the case with Adware Doctor). In other cases, it has taken as long as six months for a reported app to be removed.
In many cases, apps that we have reported are still in the store. Case in point…all of the above.”
While we’re still waiting for the apps to removed from the App Store, what do you think about it? Let us know your thoughts in the comments below.