Apple’s unsafe Mac App Store is simply inexcusable

adware doctor mac app store

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Mac fans haven’t felt the love from Apple lately, but the problems go beyond a lack of new products. It’s become a matter of security.

A string of recent reports has shown certain apps in the Mac App Store were stealing data without user knowledge. These apps were supposedly vetted by Apple, and were popular, frequently-downloaded apps on the Mac App Store. Users had no reason to suspect the apps were malicious.

People’s trust in Apple has left them vulnerable, and it’s time Apple addressed it.

An app store legacy

The success of the iPhone has a lot to do with the app store’s curation. Each app available on iOS has an implied seal of approval from Apple. If you can download an app on your iPhone, it can be trusted. It’s safe. It’s a stark contrast from the Google Play store, which isn’t nearly as rigorous.

Adware Doctor app
Adware Doctor app

Much of the iOS App Store’s credibility has carried over to the Mac App Store, but apparently, it’s not deserved. As reported by ThreatPost, an app called Adware Doctor has been copying people’s browsing history from Chrome, Firefox, and Safari, and sending it off to a China-based domain, for currently unknown purposes. The app requests access to several questionable functions, though because of the trust people have put in the highly-rated app, they often approve the access.

Adware Doctor was in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro.

The app was able to pass through the security controls of MacOS undetected, pull sensitive browsing history data, and download it as a zip archive. That flies in the face of Apple’s own data privacy policies. Of course, security breaches happen. That’s something every software company in the world deals with. The real problem is Apple’s failure to quickly remove the app.

The data theft was noted first by Patrick Wardle, founder of Mac security company Objective-See. According to him, Apple had been alerted about the suspicious app a month ago, and at the time of going public with his findings, had failed to take action.

Adware Doctor wasn’t just a small app that snuck through the fence. As ThreatPost points out, the app was listed in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro. It was listed with endless five-star reviews, which were no doubt fake. It’s not hard to imagine why people would trust an app with such a high profile.

While Adware Doctor has since been removed, it took widespread media coverage for Apple to protect Mac owners who were actively having their data stolen. Apple’s failure to act quickly breaches the trust owners have put in Apple’s store.

It’s not just a few oddballs. It’s a trend

Adware Doctor isn’t the only app that’s been caught. In fact, an entire suite of apps from Trend Micro has been flagged for capturing the same data. That includes Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, and App Uninstall. Trend Micro initially denied the findings, but has since removed all such functions from the apps in attempts to get back into Apple’s good graces.

How could an app like this pass muster to begin with?

Malwarebytes said it has “taken as long as six months for a reported app to be removed.”

As it turns out, Adware Doctor was first accepted by Apple under the name of Adware Medic, which just happened to share its name with AdwareMedic app, a legitimate piece of software run by Malwarebytes. Trend Micro’s app was then removed, only to be re-accepted as Adware Doctor.

Not only did Apple approve an unsafe app, it approved it masquerading under the name of a proper app. That’s hardly top-tier espionage. If Apple could fall for that, what else might’ve pass by undiscovered?

Malwarebytes has been looking into that issue for years and reporting the appearance of junk software in Mac App Store. According to Malwarebytes, it’s sometimes “taken as long as six months for a reported app to be removed.”

With Apple’s renewed focus on the App Store in MacOS Mojave, we can only hope it takes back responsibility for cleaning up its mess. Yet with Apple’s attention squarely on iOS, we’re not getting our hopes up. If security isn’t a good enough reason to remember the Mac, then what is?

Product Review

With more screen and 1 world-first feature, the Apple Watch still rules the wrist

Apple already ruled the smartwatch market with the Apple Watch Series 3, but the Series 4 elevates it to new levels with more screen, a sleeker design, and even an world-first electrocardiogram app that lets you keep tabs on your ticker.
Smart Home

Amazon Go, the checkout-free convenience store, opens in Chicago

Amazon's checkout-less convenience store, Amazon Go, is now open in Chicago. It's the first of the high-tech stores that allow people to grab items and go not located in the company's home city of Seattle.
Computing

Don't spend hundreds on Pro Tools or Logic. Try one of these free alternatives

Believe it or not, Pro Tools isn't the only digital audio workstation worth your time. Check out our picks for the best free recording software, whether you're looking for a lightweight app or a full-blown audio workstation. Updated meta…
Mobile

Putting the app in Apple: Check out our favorite new and updated iOS 12 apps

Get ready for some huge changes to your iPhone or iPad. Apple is releasing iOS 12 on September 18. The latest iOS features a number of updated apps, as well as a few new ones. Here's some of our favorite apps in iOS 12.
Home Theater

HDMI 2.0b is a whole lot more than just a connection to your TV

HDMI 2.0b is the backbone for many of the latest updates in 4K UHD technology. And while a new cable standard can often involve a bunch of changes for consumers, that is not the case this time around.
Deals

The best laptop deals for September 2018

Whether you're getting ready for a new school year, shopping for a special student, or just need a new computer, we've got you covered: These are the best laptop deals going, from discounted MacBooks to an on-the-go gaming PC.
Web

Firefox Reality wants to bring the ‘whimsical web’ to VR

Mozilla launched a VR-powered web browser today called Firefox Reality. But just what does browsing the web in VR feel like? We went hands-on with this new browser to see how Mozilla imagines the future of virtual reality content.
Deals

Black Friday 2018: When it happens and where to find the best deals

Black Friday is the biggest shopping holiday of the year, and it will be here before you know it. If you can't wait until November 23 to start formulating a shopping plan, we've got you covered.
Computing

A vigilante botnet is taking out crypto-jacking malware

A new botnet is on the rise but it isn't being used to take down websites or hack servers, it's going after crypto-jacking malware. When it discovers the malware on a website, it takes it over before destroying them both.
Computing

New monitors from Philips are sleek, color-accurate, cost less than $200

Phillips' new E-Series line of monitors bring thin-bezel, color accurate 1080p IPS LED displays to the market in three different sizes without breaking the bank, while also packing in AMD FreeSync technology for gamers.
Computing

Facebook appears set on crafting custom silicon for augmented reality devices

Facebook's latest job postings are seeking engineers and developers for custom augmented reality chipsets, and seem to support speculation that the company is looking to produce AR glasses.
Computing

Windows handwriting-recognition tool may pose security risk

A Windows file that is designed to help improve the platform's ability to translate your handwritten notes into readable text may be a security concern. One researcher found it contained passwords and email contents.
Computing

Nvidia GeForce RTX 2080 vs. RTX 2080 Ti

Nvidia's RTX 2080 Ti is a beast of a graphics card, packing in RT, Tensor, and CUDA cores to enhance your gaming experience. We'll compare the Ti variant to the standard RTX 2080, and we'll let you know which card to buy.
Computing

Nvidia GeForce RTX 2080 vs. GTX 1080

Should you upgrade from your GeForce GTX 1080 to the GeForce RTX 2080? Even if you won't take advantage of ray tracing, there are other benefits to the RTX series. We'll examine how each GPU performs to help you decide.