The Mac App Store is supposed to be a safe way to download software, but a prominent malware scanner sold there until recently was grabbing users’ browsing history.
The application, called Adware Doctor, was a top grossing app on the store. It also wiggled its way around the macOS sandbox restrictions to grab personal information. Patrick Wardle, writing for Objective-See, broke down how this all works, so check that out for all the details. Here’s a video showing the process in action:
Apple has known about all of this for a month, but the app remained for sale until Wardle’s post. Here’s Wardle writing about that:
This research (original credit: @privacyis1st) uncovered blatant violations of users’ privacy and complete disregard of Apple’s App Store Guidelines.
And surprising, though this was reported to Cupertino through official channels a month ago, the app remains in the Mac App Store even today!
It’s tempting to wonder if Apple’s 30% cut of each sale of this massively popular app has lead to such egregious inaction. And does it not seem that their laudable statements on supporting user privacy, are sadly only words?
Sadly this is nothing new: Apple often doesn’t react to stuff like this until someone points it out. I wrote that the Mac App Store is full of scams back in 2016, and all the apps I mentioned were taken down or given less vague descriptions a few weeks later. It would be nice if Apple caught stuff like this before someone pointed it out publicly.