© 2019 Omnisence, llc
Today it isn’t very surprising when we learn about products or services that end up having an ulterior motive, especially when it comes to user data. In this case, user browsing data has been getting gathered and sent to a server in China under the guise of protection.
Adware Doctor, one of the most used and popular apps on the Mac App Store, has been secretly logging user browsing history and sending that information to a server in China. Adware Doctor describes it’s services as an Anti Malware and Ad blocker that prevents ad popups and discovers and handles threats to your Mac.
The 4.8 of 5 star rated application had been analyzed and reported by a security researcher named Patrick Wardle for this very reason about a month back, however had noticed there was no change to the apps description or availability in the stores app page.
The app supposedly creates a password-protected archive called history.zip. This file can store information from the multiple popular web browsing options like Google Chrome, Firefox, and even Safari. While generally sandboxing is supposed to help prevent apps from accessing data of other apps, but the request for universal access from Adware Doctor when it’s first run allows for such a bypass. Universal access for something like Adware Doctor is not uncommonly seen, so to see such a request would be normal and not given a second thought. Upon further evaluation, it was also seen that Adware Doctor could access running processes, which is uncommon because sandboxing should still be able to prevent that even with the universal permission. The speculation surrounding the apps ability to access running apps is achieved by using Apple’s own code against them. By copy and pasting Apple’s GetBSDProcessList code, getting a list of all processes is possible, and would potentially allow for bypassing the sandbox prevention.
The app has also been seen to log information on other apps you have downloaded and their source location.
Adware Doctor has however finally gained the attention of Apple’s team and has been removed from the store as of 8:54 am PT on Sept. 7th 2018.
Ironic how, that which we think protects us can end up being the root of our problems or insecurities.