A top-tier app in Apple’s Mac App Store stole your browser history

A popular top-tier application in Apple's Mac App Store has been found stealing the browser history of anyone who downloaded it.

Yet, at the time of writing, the dishonest Adware Doctor application stands as the No. 1 grossing paid app in the App Store's utilities category. Apple was warned weeks ago and did nothing to pull the application.

Now it seems that Apple has withdrawn the application. Apple declined to comment on the record.

Apple's walled-garden approach to Mac and iPhone security is almost entirely based on the inability to install apps outside of the App Store, which Apple monitors closely. While it is not uncommon to hear of dangerous applications slipping into the Google Play Store, it is almost unprecedented for Apple to face the same fate. Any application that does not comply with the company's strict security and, sometimes, moral criteria will be rejected, and users will not be able to install it.

This application promises to "keep your Mac safe" and "get rid of annoying pop-up ads" and even "discover and remove threats on your Mac." But what the application will not tell you is that, for a few dollars, it will steal and download your browser history, including all the sites you have searched for or accessed, to servers in China managed by the application's makers.

Thanks in part to a video posted last month on YouTube and with the help of security firm Malwarebytes, it's now clear what the application does.

Researcher Patrick Wardle, a former NSA hacker and now head of research at the cybersecurity company Digita Security, dug into the application and shared his findings with TechCrunch.

Wardle discovered that the downloaded application jumped through hoops to bypass Apple's Mac sandboxing features, which prevent applications from grabbing data on the hard drive, and to upload a user's browser history from the Chrome, Firefox and Safari browsers.

Wardle discovered that the application, thanks to Apple's own flawed vetting, could request access to the user's home directory and its files. That's not uncommon, Wardle says, because tools that promote themselves as anti-malware or anti-adware expect access to user files to look for problems. When a user allows such access, the application can detect and clean adware, but if it turns out to be malicious, it can "collect and filter any user file," Wardle said.

Once the data is collected, it is compressed into a file and sent to a domain based in China.

Wardle said that, for some reason, the China-based domain went offline in the last few days. At the time of writing, TechCrunch confirmed that the domain would not resolve; in other words, it was still inactive.

"Let's face it, your browsing history provides an idea of almost every aspect of your life," Wardle said. "And people have even been convicted based primarily on their Internet searches!"

He said that the application's access to said data "is clearly based on deceiving the user".

Apple was contacted a few weeks ago. The email with which it responded said, in a few words, "we cannot tell him anything," but it passed the comments along.

A mere $4.99 for the application may not seem like much to the average user, but it's a heavy price to pay for having the application steal your browser history, which users will never get back. And since Apple takes a 30 percent cut of each purchase of this popular application, there is not much financial incentive to withdraw the application from the store.

Updated at 9:05 a.m. PT: with confirmation that the application has been withdrawn.