Adware Doctor In Apple Mac App Store Secretly Collects Browser History And Sends Data To China

Mac App Stores Adware Doctor Collect Browser History
Justin Sullivan / Getty Images

Adware Doctor, one of the most popular paid apps in the App Store for Mac, is essentially a spyware that secretly violates user privacy.

Patrick Wardle, a former NSA hacker and founder of Mac security company Objective-See, revealed that the app violated Apple’s App Store policy by copying users’ browser history without consent and sending the data to a server in China.

Adware Doctor promoted itself as an app that prevents malware and malicious files from infecting Macs, promising users to keep their Mac safe and get rid of the annoying pop-up ads.

In a blog post published on Friday, Wardle pointed out that like other security tools, Adware Doctor needed legitimate access to user files and directories to scan for malicious code.

He explained that once the user clicks “allow” to grant the app permission to the home directory, Adware Doctor will have access to all of the user’s files, enabling it to detect and clean adware, as well as collect and transfer any file. The app could then zip the collected data into an archive file and send this to a China-based domain.

Wardle said that collecting browser histories is a blatant violation of user privacy and beyond what is needed for the app to work as advertised.

“At no point does Adware Doctor ask to exfiltrate your browser history. And its access to this very private data is clearly based on deceiving the user,” Wardle wrote on Objective-See’s blog.

Apple prohibits apps that gather the kind of data that Adware Doctor collects without consent, and apps that do not meet the company’s strict security criteria are rejected.

Wardle said that he has notified Apple about the issue weeks prior to the publication of his blog post. The app was still available Friday morning, but the media coverage the security issue received apparently prompted Apple to pull Adware Doctor out of the app store. The company, however, remained mum on the issue.

Apple Mac App Store Adware Doctor Violates User Privacy
  Brian Kersey / Getty Images

Before Adware Doctor was taken down, it was the fourth-highest app in the Top Paid software programs of the Mac App Store, just behind Final Cut Pro, Magnet, and Logic Pro X. At $4.99, it was one of the number one paid utilities in the app store.

Threatpost identified the developer of the software as Yongming Zhang. Website 9to5Mac said that the server that collects the data is now offline, but noted that this can still be turned back on.