Skip to main content
  1. Home
  2. Computing
  3. Features

Apple’s unsafe Mac App Store is simply inexcusable

Luke Larsen
By
adware doctor mac app store
Image used with permission by copyright holder

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Mac fans haven’t felt the love from Apple lately, but the problems go beyond a lack of new products. It’s become a matter of security.

A string of recent reports has shown certain apps in the Mac App Store were stealing data without user knowledge. These apps were supposedly vetted by Apple, and were popular, frequently-downloaded apps on the Mac App Store. Users had no reason to suspect the apps were malicious.

Related

People’s trust in Apple has left them vulnerable, and it’s time Apple addressed it.

An app store legacy

The success of the iPhone has a lot to do with the app store’s curation. Each app available on iOS has an implied seal of approval from Apple. If you can download an app on your iPhone, it can be trusted. It’s safe. It’s a stark contrast from the Google Play store, which isn’t nearly as rigorous.

Adware Doctor app
Adware Doctor app Image used with permission by copyright holder

Much of the iOS App Store’s credibility has carried over to the Mac App Store, but apparently, it’s not deserved. As reported by ThreatPost, an app called Adware Doctor has been copying people’s browsing history from Chrome, Firefox, and Safari, and sending it off to a China-based domain, for currently unknown purposes. The app requests access to several questionable functions, though because of the trust people have put in the highly-rated app, they often approve the access.

Adware Doctor was in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro.

The app was able to pass through the security controls of MacOS undetected, pull sensitive browsing history data, and download it as a zip archive. That flies in the face of Apple’s own data privacy policies. Of course, security breaches happen. That’s something every software company in the world deals with. The real problem is Apple’s failure to quickly remove the app.

The data theft was noted first by Patrick Wardle, founder of Mac security company Objective-See. According to him, Apple had been alerted about the suspicious app a month ago, and at the time of going public with his findings, had failed to take action.

Adware Doctor wasn’t just a small app that snuck through the fence. As ThreatPost points out, the app was listed in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro. It was listed with endless five-star reviews, which were no doubt fake. It’s not hard to imagine why people would trust an app with such a high profile.

ALERT: ADWARE DOCTOR STEALING YOUR FILES PART 2

While Adware Doctor has since been removed, it took widespread media coverage for Apple to protect Mac owners who were actively having their data stolen. Apple’s failure to act quickly breaches the trust owners have put in Apple’s store.

It’s not just a few oddballs. It’s a trend

Adware Doctor isn’t the only app that’s been caught. In fact, an entire suite of apps from Trend Micro has been flagged for capturing the same data. That includes Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, and App Uninstall. Trend Micro initially denied the findings, but has since removed all such functions from the apps in attempts to get back into Apple’s good graces.

How could an app like this pass muster to begin with?

Malwarebytes said it has “taken as long as six months for a reported app to be removed.”

As it turns out, Adware Doctor was first accepted by Apple under the name of Adware Medic, which just happened to share its name with AdwareMedic app, a legitimate piece of software run by Malwarebytes. Trend Micro’s app was then removed, only to be re-accepted as Adware Doctor.

Not only did Apple approve an unsafe app, it approved it masquerading under the name of a proper app. That’s hardly top-tier espionage. If Apple could fall for that, what else might’ve pass by undiscovered?

Malwarebytes has been looking into that issue for years and reporting the appearance of junk software in Mac App Store. According to Malwarebytes, it’s sometimes “taken as long as six months for a reported app to be removed.”

With Apple’s renewed focus on the App Store in MacOS Mojave, we can only hope it takes back responsibility for cleaning up its mess. Yet with Apple’s attention squarely on iOS, we’re not getting our hopes up. If security isn’t a good enough reason to remember the Mac, then what is?

Editors' Recommendations

Topics
Luke Larsen
Luke Larsen
Senior Editor, Computing
Luke Larsen is the Senior editor of computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Apple’s big M3 MacBook event could be in danger
Apple CEO Tim Cook looks at a display of brand new redesigned MacBook Air laptop during the WWDC22

We’re only about a couple weeks or so out from Apple’s September event, where the company will unveil its iPhone 15 and a slate of brand new Apple Watches. But if you’re holding out for a new MacBook Pro or MacBook Air, don’t get your hopes up -- these laptops, which are rumored to be outfitted with one of the most significant chip upgrades in years, aren’t expected to come until October.

According to Bloomberg reporter Mark Gurman’s latest Power On newsletter, the show will be the first time the public casts eyes on the iPhone 15 range, as well as the Apple Watch Series 9 (and potentially a second-generation Apple Watch Ultra). It’ll follow the now-established pattern of a prerecorded video followed by an in-person hands-on session.

Read more
Report: Apple’s 2024 MacBooks may face some serious shortages
Apple's John Ternus stands next to an image of the 15-inch MacBook Air at Apple's Worldwide Developers Conference (WWDC) in June 2023.

Looking forward to getting a new MacBook in the next year or so? You might have to wait longer than expected, as Apple chip supplier TSMC is reportedly struggling to get enough skilled workers for its forthcoming Arizona factory. That could mean we see serious shortages of Apple laptops and a struggle to get hold of stock.

The bad news comes from The Wall Street Journal. According to the outlet, TSMC has said that “people with expertise erecting semiconductor facilities were in short supply in the U.S.” As a result, the Arizona factory “would miss its target of starting mass production next year.”

Read more
Apple’s 32-inch M3 iMac could be facing yet another delay
Man using a 24-inch M1 iMac.

If you’ve been holding out for an iMac loaded up with a new M3 chip, there’s bad news: it might be delayed until next year. It means an even longer wait for anyone who wants an all-in-one Apple computer with an upgraded chip -- right now, the M1 chip in the current 24-inch iMac is over two years old.

The news on the iMac postponement comes from the Power On newsletter published by journalist Mark Gurman, who has released accurate information about Apple’s upcoming products many times in the past.

Read more