Apple pulls popular anti-adware app from Mac App Store after it was caught stealing users' browsing data
It is not uncommon for malicious apps to slip into Google's App Store. But when it comes to Apple, the gateway to the App Store is pretty much closed, owing to the company's strict guidelines, which make it difficult for apps to grab a coveted spot in the list. Over the years, Apple's walled-garden approach has helped the company keep its App Store clean. But now, a new report suggests that a malicious app may have bypassed the company's scrutiny after all.
Recently, security researchers found that a top Mac app called Adware Doctor was stealing users' browsing data and sending it to a Chinese server without their explicit consent. Apple has taken note of the apparent violation of its policies and removed the app from the Mac App Store. Apple confirmed the removal of the Adware Doctor app from its Mac App Store to Buzzfeed News but refused to share details about the data breach.
According to reports, Adware Doctor, like any other anti-malware or adware app, scans your computer for malicious code. The app then uses the same access to collect browsing history from the Chrome, Safari and Firefox web browsers, as well as recent App Store searches. This data is then saved in a password-protected file called "history.zip" and sent to a China-based server via "adscan.yelabapp.com".
Apple protects Mac apps with a process called "sandboxing", which means that apps can't access parts of a Mac's system files that the user hasn't granted them access to. However, in the case of Adware Doctor, sandboxing protections were not bypassed, because users had explicitly granted the app that access.
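The collect, archive and upload sequence described above can be spotted by correlating a process's file and network activity. The following is an added example, not code from the researchers or from Apple; the event tuple format, the process names other than Adware Doctor, and the sample paths are constructed assumptions.

```python
from collections import defaultdict

# Default macOS history stores for the three browsers the article names,
# matched as path suffixes (the Firefox profile directory name varies).
HISTORY_STORES = {
    "Safari": "/Library/Safari/History.db",
    "Chrome": "/Library/Application Support/Google/Chrome/Default/History",
    "Firefox": "/places.sqlite",
}

# Constructed sample events: (time, process, action, target). Hypothetical format.
SAMPLE_EVENTS = [
    (1, "Safari", "read", "/Users/u/Library/Safari/History.db"),
    (2, "Safari", "connect", "example.com"),
    (3, "Adware Doctor", "read", "/Users/u/Library/Safari/History.db"),
    (4, "Adware Doctor", "read",
     "/Users/u/Library/Application Support/Google/Chrome/Default/History"),
    (5, "Adware Doctor", "read",
     "/Users/u/Library/Application Support/Firefox/Profiles/x.default/places.sqlite"),
    (6, "BackupTool", "write", "/Users/u/Backups/docs.zip"),
    (7, "BackupTool", "connect", "backup.example.net"),
    (8, "Adware Doctor", "write", "/Users/u/Library/Containers/app.example/Data/history.zip"),
    (9, "Adware Doctor", "connect", "adscan.yelabapp.com"),
]

def browser_for(path):
    """Return the browser whose history store this path is, or None."""
    for name, suffix in HISTORY_STORES.items():
        if path.endswith(suffix):
            return name
    return None

def find_history_exfil(events, min_browsers=2):
    """Flag processes that read >= min_browsers history stores, then write a
    .zip archive, then open a network connection, in that order."""
    state = defaultdict(lambda: {"browsers": set(), "archive": None})
    findings = []
    for _ts, proc, action, target in sorted(events):
        s = state[proc]
        if action == "read" and browser_for(target):
            s["browsers"].add(browser_for(target))
        elif action == "write" and target.lower().endswith(".zip"):
            if len(s["browsers"]) >= min_browsers:
                s["archive"] = target
        elif action == "connect" and s["archive"]:
            findings.append({"process": proc, "browsers": sorted(s["browsers"]),
                             "archive": s["archive"], "host": target})
            s["archive"] = None  # report each archive once
    return findings
```

A browser reading its own history, or a backup tool uploading an unrelated archive, does not match; only the full ordered sequence from one process does.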
This breach has been verified by former NSA hacker Patrick Wardle and a German security researcher who goes by the name Privacy 1st on Twitter.
It's worth noting that Privacy 1st posted a video highlighting the flaw last month. He also notified Apple about the same. However, the company responded to the researcher's communication by saying that someone would look into the matter and that he would not be informed about the developments. And now, nearly a month after the breach was first brought to the company's notice, Apple has removed the app from the App Store for good.
Interestingly, prior to its removal, Adware Doctor was one of the top paid apps in the App Store and it cost $4.99 (Rs 360 approximately). Now it remains to be seen if Apple will refund the amount to the subscribers of the app.