Apple prides itself on prioritizing user security and privacy[1]. It counts the iOS and Mac App Stores, where customers can download an array of trusted, vetted software, as cornerstones of that initiative. But while the approach does minimize situations where users get tricked into downloading something nasty on the open web, malware inevitably slips through. In this case, that appears to include one of the most popular offerings in the Mac App Store.
Security-scanning app Adware Doctor currently sits fourth on the Mac App Store's list of "Top Paid" apps. But after a researcher who goes by Privacy 1st[2] released a proof of concept video detailing suspicious behavior in the app, Mac security researchers Patrick Wardle of Digita Security and Thomas Reed of Malwarebytes independently investigated it as well.
The researchers found that Adware Doctor collects data about its users, particularly browsing history and a list of other software and processes running on a machine, stores that data in a locked file, and periodically sends it out to a server that appears to be located in China. (For what it's worth, they say it's also not a very good adware scanner.) All of these actions seem to violate the App Store's developer guidelines, but while Privacy 1st notified Apple about the concerns weeks ago, the app remains.
"Unfortunately the App Store is really not the safe haven that Apple would like people to think it is," Reed says. "We detect and track a number of different suspicious apps in the App Store. Some of those have been removed quickly, and others have taken as much as six months to get removed. It’s not outright malware, but this junk software that’s stealing your data is pretty bad." Apple and Adware Doctor