
Top macOS utility app, Adware Doctor, secretly sends browsing history to China

By David Matthews · 4 replies
Sep 7, 2018
The most popular utility app in the Mac App Store, Adware Doctor, has been discovered to capture a user's browsing history and exfiltrate it to a Chinese server.

The behavior was first discovered by Twitter user @privacyis1st, who then contacted Patrick Wardle, a former NSA hacker and current chief research officer at the startup Digita Security. Wardle subsequently did a comprehensive deep dive on the rogue app to work out exactly how it operates and posted his findings on his blog.

According to Wardle, the app first asks for universal access in order to run. That might sound creepy by itself, but most malware/virus scanners need that access in order to scan your system. However, Adware Doctor was also able to enumerate running processes (normally protected by sandboxing) by using Apple's own code:

"It’s (likely) just a copy and paste of Apple’s GetBSDProcessList code (found in Technical Q&A QA1123 “Getting List of All Processes on Mac OS X”). Apparently this is how one can get a process listing from within the application sandbox! I’m guessing this method is unsanctioned (as it clearly goes against the design goals of sandbox isolation). And yes, rather amusing the code Adware Doctor uses to skirt the sandbox, is directly from Apple!"

The app creates a file called 'history.zip' and uploads that file to a server based in China. Unpacking the zip file reveals the browsing history of all the browsers you have installed, including Safari. Additionally, the app also captures data from all the apps you've downloaded.
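As an added illustration (not from the article or from Wardle's write-up), here is a toy correlation rule that flags the sequence described above in endpoint telemetry: a process reads browser history stores, writes a zip archive, then opens an outbound connection. The event schema, the sample events, the pids and the 203.0.113.x destination addresses are all constructed for this example; only the browser history paths are real macOS defaults.

```python
"""Toy correlation rule for the behaviour Wardle described: one process reads
browser history stores, writes a zip archive, then opens an outbound connection.
Schema, sample events, pids and 203.0.113.x addresses are all constructed."""
import json
from collections import defaultdict
# Default on-disk history stores of common macOS browsers (real paths, under $HOME).
HISTORY_PATHS = (
    "/Library/Safari/History.db",
    "/Library/Application Support/Google/Chrome/Default/History",
    "/Library/Application Support/Firefox/Profiles/",  # places.sqlite lives here
)

def is_history_read(ev):
    return ev["type"] == "open" and ev["mode"] == "read" and any(
        p in ev["path"] for p in HISTORY_PATHS)

def correlate(events):
    """Return {pid: state} for each process that read a history store, then
    wrote a .zip, then connected out, in that order; anything else is ignored."""
    state = defaultdict(lambda: {"history_files": [], "archive": None, "dest": None})
    for ev in events:
        s = state[ev["pid"]]
        s["process"] = ev["process"]
        if is_history_read(ev):
            s["history_files"].append(ev["path"])
        elif (ev["type"] == "open" and ev["mode"] == "write"
              and ev["path"].endswith(".zip") and s["history_files"]):
            s["archive"] = ev["path"]
        elif ev["type"] == "connect" and s["archive"]:
            s["dest"] = ev["dest"]
    return {pid: s for pid, s in state.items() if s["dest"]}

# Constructed events: pid 4242 performs the full read/zip/upload sequence; Safari
# (500) reads its own history but never archives it; a backup tool (77) zips and
# uploads but never touches browser history. Only 4242 should be reported.
SAMPLE_EVENTS = [json.loads(line) for line in """
{"pid":500,"process":"Safari","type":"open","mode":"read","path":"/Users/u/Library/Safari/History.db"}
{"pid":500,"process":"Safari","type":"connect","dest":"203.0.113.20:443"}
{"pid":4242,"process":"Adware Doctor","type":"open","mode":"read","path":"/Users/u/Library/Safari/History.db"}
{"pid":4242,"process":"Adware Doctor","type":"open","mode":"read","path":"/Users/u/Library/Application Support/Google/Chrome/Default/History"}
{"pid":77,"process":"backupd","type":"open","mode":"write","path":"/Users/u/Backups/docs.zip"}
{"pid":4242,"process":"Adware Doctor","type":"open","mode":"write","path":"/tmp/history.zip"}
{"pid":77,"process":"backupd","type":"connect","dest":"203.0.113.30:443"}
{"pid":4242,"process":"Adware Doctor","type":"connect","dest":"203.0.113.10:443"}
""".strip().splitlines()]

if __name__ == "__main__":
    for pid, s in correlate(SAMPLE_EVENTS).items():
        print(pid, s["process"], "uploaded", s["archive"], "to", s["dest"])
```

The ordering requirement (read, then archive, then connect) is what keeps a browser reading its own history or a backup tool zipping documents from being reported.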

Despite being a "popular" app, Adware Doctor has quite the checkered past. For example, in 2016 it blatantly violated App Store rules by attempting to elevate privileges using AppleScript. It was also caught using the name "Adware Medic," which was already in use by an existing app at the time. Apple pulled it from the Mac App Store, only to reinstate it once the name was changed to the current Adware Doctor. Wardle also points out that many of the good reviews are likely fake, posted in an effort to attract more users.

What's most alarming is that, despite being notified about this a month ago, Apple has still refused to take action on an application that clearly violates privacy. Apple openly promotes both the Mac and iOS App Stores as the safest way to install applications, specifically to avoid rogue applications like Adware Doctor. Presumably, every app is reviewed before it's allowed in the store, and when there are issues, Apple is usually quick to remove it.

While the app itself is still available, the server is down (probably due to this revelation). On a positive note, Wardle's in-depth reverse engineering of the app is quite the lesson in cyber-security.


Evernessince (TS Evangelist, Posts: 3,903, +3,350):

Apple is doing a really poor job justifying its insane fees. I'm guessing Apple isn't the only one who completely fails to even bother to take security seriously. Is it really that hard to run an app on a virtual machine and monitor what it is doing before approving it for the app store? I guess hiring someone to do that would make a dent in their trillion bucks.
regiq (TS Addict, Posts: 237, +113):

That's a good one!
nismo91 (TS Evangelist, Posts: 993, +71):

I'm not surprised. Everything is shady in China. I've recently been on a trip to Shanghai and stayed at a 4-star hotel downtown. Surprisingly, the free hotel wifi features a VPN which allows me to access Google, WhatsApp and whatnot. However, I quickly noticed that both my phones' batteries drained very quickly overnight.

At first I figured it might be a non-responding app, so I restarted my primary phone each day. But on the second night it still drained the battery from 100% to about 20% by the morning. So on the third night I turned off the wifi on both phones. In the morning, the battery stayed at about 92%, which is what it should be. The next night I turned on the wifi again and, sure enough, the battery drained overnight. Go figure.

I know some places collect your information, but this experience almost feels like a blatant scam.
Nobina (TS Evangelist, Posts: 1,897, +1,408):

The US probably has all the information about you they need, including all the big tech companies. Just add another one to the list, ain't a big deal.
