The several thousand glowing reviews that Adware Doctor had garnered prior to its removal were “likely fake”, researchers say
Apple has pulled a highly popular app from the Mac App Store after security researchers found that the app secretly logged and sent the browsing histories of its users and other sensitive data to remote servers.
The rogue app, called Adware Doctor, was the fourth most popular paid app in the store and the very top grossing paid app in the “utilities” category prior to its removal. It was promoted as enhancing users’ security and privacy, and promised to prevent “malware and malicious files from infecting your Mac”, as well as to help them “get rid of annoying pop-up ads”.
The app’s unwanted behavior was first revealed in a proof-of-concept video by a security researcher who goes by the handle Privacy 1st on Twitter. These findings were later confirmed and described by another researcher, Patrick Wardle, in this blog post.
When executed for the first time, the app asks the user for permission to access the system’s home directory and all sub-directories and files underneath it. This alone isn’t unusual for security tools, as Wardle also notes, because “an anti-malware or anti-adware tool is going to need legitimate access to user’s files and directories – for example to scan them for malicious code.”
However, Adware Doctor goes beyond what the user would expect or, indeed, want it to do. Among other things, the app creates a password-protected archive called history.zip that contains a user’s browsing history from Safari, Chrome and Firefox. On a regular basis, the file is transmitted to servers that appear to be based in China, where the app’s developer also hails from.
Further data that the app siphons off – needless to say, also without the user’s consent or knowledge – include a list of processes running on the machine and a history of the user’s searches in the Mac App Store.
Prior to its removal, the app had received thousands of mainly rave reviews, earning it a near-perfect, 4.8-star rating. Their authenticity has been questioned, however.
Adware Doctor retailed for $4.99 and was touted as being on sale from its usual price of $14.99. Now, what seemed like a bargain has turned out to be anything but.