Apple has a positive reputation when it comes to privacy and security. However, multiple sources reported this week that numerous apps in the Mac app store are discretely collecting user browsing data in Safari.
Patrick Wardle reported on security blog Objective-See, “a massively popular app, surreptitiously steals your browsing history.” Because of Apple’s good reputation, people generally trust the apps listed on both the macOS and iOS app stores.
The apps that were collecting user data weren’t just obscure apps with few users. The most notable app involved is Adware Doctor, an anti-malware and ad-blocker application. It was listed as the top grossing paid application in the app store and had over 7000 5-star reviews.
Popularity Doesn’t Mean an App Is Trustworthy
Adware Doctor costs $4.99 to install on your Mac and it has mostly positive reviews. However, Wardle believes that the ratings are mostly fake — another issue with Apple’s app store. When selecting an app people often rely on reviews and feedback from other users. But if this information is falsified in anyway, people could be mislead into downloading apps that really don’t do what they say.
We recommend researching apps or any software before you install it on your computer and other devices. In the case of Adware Doctor, its developer is listed as “Yongming Zhang”. Other apps that were involved in this data collection issue were developed by “Trend Micro”. Similar to the apps by Yongming Zhang, these apps were all top-sellers with thousands of positive reviews.
Stoked that Apple has:
❌ now removed the app (& dev's others apps)
🛡️ is adding extra sandboxing protection on "privacy-sensitive content like Safari history" in Mojave
Mahalo Cupertino! 🍎🙏😍
Background: "A Deceitful 'Doctor' in the Mac App Store" https://t.co/iI06JFlYik
— patrick wardle (@patrickwardle) September 7, 2018
Apple Has Removed Many of The Implicated Apps
Adware Doctor, and many apps by Trend Micro, have now been removed from the Mac app store. Allowing these apps to get into the app store at all clearly goes against Apple’s policies. This also indicates that the app store approval processes have room for improvement.
From Apple’s App Store Guidelines:
“If you attempt to cheat the system (for example, by trying to trick the review process, steal user data, copy another developer’s work, or manipulate ratings) your apps will be removed from the store and you will be expelled from the Developer Program.”
“Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, or other user inputs.”