Nothing is safe in this era of cybercrime and malicious hackers. They have started disguising their software as legitimate apps to fool you and rob you, leaving you high and dry. One such app, which was once the number one paid utility in the Mac App Store, has been found to be secretly collecting data such as users' browsing history and sending it to a server in China.
When Apple learned about it, it pulled Adware Doctor from the Mac App Store. Security researcher Patrick Wardle said he had notified Apple about the issue a month earlier; however, the app remained available on the Mac App Store until the first week of September.
How Did The App Fool Apple?
Well, the app had everything that makes it look legitimate. Before it was removed, it was a top-ranking entry in the “Top Paid” category. It cost $4.99 and was validly signed by Apple. Moreover, its Mac App Store listing was accompanied by a lot of positive five-star reviews (which are now believed to be fake). Adware Doctor's stated purpose was to protect your Mac from adware and other malicious files.
At first, the app was presented under the name Adware Medic, which is an app developed by Malwarebytes (since renamed Malwarebytes for Mac), and Apple pulled it. It eventually reappeared under the name Adware Doctor after Apple had reeled it in. After being alerted by another researcher, Privacy 1st, Patrick Wardle carried out a detailed analysis of the app to determine what it actually does.
His analysis showed that the app creates a password-protected archive named history.zip. Once it has collected the data, it uploads the file to a server located in China. He also noted that the password was hardcoded, which let him open the zip file and inspect its contents: the file contained the browsing history of Safari, Chrome, Firefox, and other browsers.
macOS has a sandboxing feature that adds an extra layer of security to your computer. It is meant to prevent malware and other infections from corrupting your Mac, and it stops apps from collecting data belonging to other apps. However, Adware Doctor asks for universal access when it is run for the first time, which does not look suspicious, since the user expects to allow a malware scan. In his research, Patrick found that the app was able to list running processes, which sandboxing should not allow.
The app could bypass sandboxing using Apple's own code. He wrote, “It’s (likely) just a copy and paste of Apple’s GetBSDProcessList code (found in Technical Q&A QA1123 “Getting List of All Processes on Mac OS X”). Apparently, this is how one can get a process listing from within the application sandbox! I’m guessing this method is unsanctioned (as it clearly goes against the design goals of sandbox isolation). And yes, rather amusing the code Adware Doctor uses to skirt the sandbox, is directly from Apple.”
The app also kept tabs on downloaded apps and recorded them in logs along with their source. The major concern is why Apple kept such an app in its Mac App Store in the first place and, once a researcher had pointed it out, why it did not investigate and act sooner.
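The behaviour described above (reading browser-history stores, packing them into an archive, then uploading it) is the kind of sequence an endpoint-monitoring rule can correlate per process. The following Python sketch is an added example, not code from this article or from any of the researchers named in it; the event format, the sample events and the destination addresses (documentation-reserved ranges) are constructed for illustration.

```python
"""Behavioural detection sketch (constructed example): flag a process that
reads browser-history stores, then writes an archive, then connects out."""
from collections import defaultdict

# Well-known browser history stores on macOS (path fragments; user dir varies)
HISTORY_MARKERS = (
    "Library/Safari/History.db",
    "Google/Chrome/Default/History",
    "Firefox/Profiles/",          # places.sqlite lives under the profile dir
)
# A browser reading its own store is baseline activity, not a finding
OWN_STORE = {"Safari": "Library/Safari/", "Google Chrome": "Google/Chrome/", "firefox": "Firefox/"}
ARCHIVE_EXT = (".zip", ".tar", ".gz", ".7z")

# Constructed sample event log: (timestamp, process, event, detail)
SAMPLE_EVENTS = [
    (1, "Adware Doctor", "file_read", "/Users/alice/Library/Safari/History.db"),
    (2, "Adware Doctor", "file_read",
     "/Users/alice/Library/Application Support/Google/Chrome/Default/History"),
    (3, "Adware Doctor", "file_write", "/tmp/history.zip"),
    (4, "Adware Doctor", "net_connect", "203.0.113.5:443"),   # placeholder address
    (5, "Safari", "file_read", "/Users/alice/Library/Safari/History.db"),
    (6, "Safari", "net_connect", "198.51.100.7:443"),         # placeholder address
    (7, "backup", "file_read", "/Users/alice/Documents/notes.txt"),
    (8, "backup", "file_write", "/Volumes/Backup/docs.zip"),
    (9, "backup", "net_connect", "192.0.2.9:443"),            # placeholder address
]


def detect_history_exfil(events):
    """Return {process: finding} for every process that, in time order,
    read a foreign browser-history store, then wrote an archive, then
    opened an outbound connection."""
    state = defaultdict(lambda: {"history": [], "archive": None, "stage": 0})
    flagged = {}
    for _ts, proc, event, detail in sorted(events):
        s = state[proc]
        if event == "file_read":
            is_history = any(m in detail for m in HISTORY_MARKERS)
            # "\0" never occurs in a path, so unknown processes are never excused
            if is_history and OWN_STORE.get(proc, "\0") not in detail:
                s["history"].append(detail)
                s["stage"] = max(s["stage"], 1)
        elif event == "file_write":
            if detail.lower().endswith(ARCHIVE_EXT) and s["stage"] >= 1:
                s["archive"], s["stage"] = detail, 2
        elif event == "net_connect" and s["stage"] == 2:
            flagged[proc] = {"history": list(s["history"]),
                             "archive": s["archive"], "dest": detail}
    return flagged


if __name__ == "__main__":
    for proc, finding in detect_history_exfil(SAMPLE_EVENTS).items():
        print(f"{proc}: read {len(finding['history'])} history store(s), "
              f"wrote {finding['archive']}, connected to {finding['dest']}")
```

The rule is deliberately stage-ordered: the backup tool in the sample archives documents and uploads them but never touches a history store, and Safari reads its own history without packing it, so neither is flagged. A production rule would add the archive being password-protected and the destination's reputation as further evidence rather than relying on file names alone.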
How Will Apple Secure Mac In Future?
We are not denying that Apple has worked hard to keep apps and their data safe with sandboxing, and it is ultimately the user's consent that grants such apps permission to do what they do. Apple has improved sandboxing protections in its upcoming macOS Mojave: now, even if a user grants an app full access, the app will not be able to read sensitive information like Safari history and cookies.
Apple has claimed it will prevent this from happening in future; now it is up to us, the users, to be careful before giving an app total access.