Apple’s unsafe Mac App Store is simply inexcusable

adware doctor mac app store

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Mac fans haven’t felt the love from Apple lately, but the problems go beyond a lack of new products. It’s become a matter of security.

A string of recent reports has shown certain apps in the Mac App Store were stealing data without user knowledge. These apps were supposedly vetted by Apple, and were popular, frequently-downloaded apps on the Mac App Store. Users had no reason to suspect the apps were malicious.

People’s trust in Apple has left them vulnerable, and it’s time Apple addressed it.

An app store legacy

The success of the iPhone has a lot to do with the app store’s curation. Each app available on iOS has an implied seal of approval from Apple. If you can download an app on your iPhone, it can be trusted. It’s safe. It’s a stark contrast from the Google Play store, which isn’t nearly as rigorous.

Adware Doctor app
Adware Doctor app

Much of the iOS App Store’s credibility has carried over to the Mac App Store, but apparently, it’s not deserved. As reported by ThreatPost, an app called Adware Doctor has been copying people’s browsing history from Chrome, Firefox, and Safari, and sending it off to a China-based domain, for currently unknown purposes. The app requests access to several questionable functions, though because of the trust people have put in the highly-rated app, they often approve the access.

Adware Doctor was in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro.

The app was able to pass through the security controls of MacOS undetected, pull sensitive browsing history data, and download it as a zip archive. That flies in the face of Apple’s own data privacy policies. Of course, security breaches happen. That’s something every software company in the world deals with. The real problem is Apple’s failure to quickly remove the app.

The data theft was noted first by Patrick Wardle, founder of Mac security company Objective-See. According to him, Apple had been alerted about the suspicious app a month ago, and at the time of going public with his findings, had failed to take action.

Adware Doctor wasn’t just a small app that snuck through the fence. As ThreatPost points out, the app was listed in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro. It was listed with endless five-star reviews, which were no doubt fake. It’s not hard to imagine why people would trust an app with such a high profile.

While Adware Doctor has since been removed, it took widespread media coverage for Apple to protect Mac owners who were actively having their data stolen. Apple’s failure to act quickly breaches the trust owners have put in Apple’s store.

It’s not just a few oddballs. It’s a trend

Adware Doctor isn’t the only app that’s been caught. In fact, an entire suite of apps from Trend Micro has been flagged for capturing the same data. That includes Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, and App Uninstall. Trend Micro initially denied the findings, but has since removed all such functions from the apps in attempts to get back into Apple’s good graces.

How could an app like this pass muster to begin with?

Malwarebytes said it has “taken as long as six months for a reported app to be removed.”

As it turns out, Adware Doctor was first accepted by Apple under the name of Adware Medic, which just happened to share its name with AdwareMedic app, a legitimate piece of software run by Malwarebytes. Trend Micro’s app was then removed, only to be re-accepted as Adware Doctor.

Not only did Apple approve an unsafe app, it approved it masquerading under the name of a proper app. That’s hardly top-tier espionage. If Apple could fall for that, what else might’ve pass by undiscovered?

Malwarebytes has been looking into that issue for years and reporting the appearance of junk software in Mac App Store. According to Malwarebytes, it’s sometimes “taken as long as six months for a reported app to be removed.”

With Apple’s renewed focus on the App Store in MacOS Mojave, we can only hope it takes back responsibility for cleaning up its mess. Yet with Apple’s attention squarely on iOS, we’re not getting our hopes up. If security isn’t a good enough reason to remember the Mac, then what is?

Business

Report: President Trump to spare Apple from tariffs on Chinese goods

According to a new report, Apple and other tech firms may be spared from the Trump administration's upcoming tariffs on Chinese goods. While devices like the Apple Watch were on a preliminary list, they have reportedly been removed.
Mobile

The best weather apps for the iPhone

Don't rely solely on your local meteorologist to stay up to date on the weather. Take matters into your own hands with one of these weather apps, each of which brings something unique to the table.
Smart Home

Amazon Go, the checkout-free convenience store, opens in Chicago

Amazon's checkout-less convenience store, Amazon Go, is now open in Chicago. It's the first of the high-tech stores that allow people to grab items and go not located in the company's home city of Seattle.
Computing

Don't spend hundreds on Pro Tools or Logic. Try one of these free alternatives

Believe it or not, Pro Tools isn't the only digital audio workstation worth your time. Check out our picks for the best free recording software, whether you're looking for a lightweight app or a full-blown audio workstation. Updated meta…
Computing

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…
News

Winamp media player might be back from the dead, with Windows 10 support

Winamp might be back from the dead, and it's bringing support for Microsoft Windows 10 with the first new software release since its acquisition by Radionomy in 2014. Fans of the media player will also enjoy new features and bug fixes.
Computing

Heavily overclocked RTX 2080 Ti steals every 3DMark record

Nvidia's RTX 2080 Ti is already the most powerful graphics card ever released, but with liquid nitrogen cooling overclocker Kingpin was able to push the card to new heights and break a bunch of records in the process.
Computing

Photoshop isn't required to resize images. Here are 6 ways to do it in seconds

Resizing an image isn't the toughest thing in the world, even if it may seem like a hassle. Here's how to resize an image using six tools that allow you to make quick work of any photo, regardless of your operating system.
Computing

Chromebook keyboard showcase may have leaked Pixelbook 2 images

As we approach Google's #madebygoogle event taking place in early October, new rumors and leaks for a possible Pixelbook 2 are appearing online. This latest one may show what the rumored Nocturne design will look like.
Virtual Reality

Walmart stocks its stores with VR training for its employees

Walmart will begin rolling out virtual reality training experiences to all of its stores this year with the power of Oculus Go. More than 6,300 stores will receive the new technology, helping the company train its employees.
Computing

Tap Strap wearable keyboard gains support for VR applications

TAP System's wearable keyboard gains support for virtual reality, now compatible with Windows Mixed Reality, Oculus Rift, and HTV headsets. Type and tap for up to eight hours in VR without needing to look at a physical keyboard.
Computing

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.
Deals

Walmart takes $380 off the MacBook Air for a limited time

Walmart is offering a steep discount on the MacBook Air. Though the $380 discount is lovely, this offer comes with an extra charger to sweeten the deal. If you're looking to pick up an Apple MacBook for less, now is an excellent time.
Computing

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.