Apple has removed a top Mac app called Adware Doctor, designed to "prevent malware and malicious files from infecting your Mac," which, according to security researchers Patrick Wardle and Privacy1st, was collecting users' browsing history without their consent, violating Apple's policies
Wardle, who shared his findings with TechCrunch, found that Adware Doctor requested access to users' home directory and files — not unusual for an anti-malware or ad-ware app that scans computers for malicious code — and used that access to collect Chrome, Safari, and Firefox browsing history, and recent App Store searches. The data is then zipped in a file called "history.zip" and sent to a server based in China via "adscan.yelabapp.com." Two independent security researchers confirmed to Motherboard that Wardle's report was accurate.
In his blog post, Wardle noted, "The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up!"
Security researcher Privacy 1st tweeted that they initially contacted Apple about the Adware Doctor issue on August 12.
Apple confirmed to BuzzFeed News on Friday that it has removed the app from its Mac App Store, but did not offer further comment. Adware Doctor did not immediately respond to a request for comment.
Adware Doctor, which costs $5, was the top paid app in the "Utilities" category, and the fifth top paid app overall, before it was removed Friday. The app appears to violate the App Store's "Data Collection and Storage" guidelines, which require that prohibit developers from "surreptitiously discovering private data" or collecting data without consent. It is unclear whether customers who purchased the app will receive a refund.