13 Sep

The Mac App Store has taken down a number of well known security apps for the Apple Mac after it was discovered that they are being used to spy on the browsing habits of their users.

Which Apps?

It has been reported that Dr Unarchiver, Dr Cleaner, Adware Medic, Adware Doctor and App Uninstall have all been removed from the Apple-curated Mac App Store on the grounds of spying on users.

Rumbled

A researcher in Germany, identified only by their @privacyis1st twitter identity is credited with alerting the Mac App Store to the fact that the Adware Doctor app attributed to a company called Yongming Zhang (the name of a well-known Chinese serial killer) and the Trend Micro apps were linked to the same suspect IP address in China.

It has also been reported that suspicions and concerns about the apps go back some years. For example, online reports about Adware Doctor from 2016 indicate that the app was using AppleScript to perform actions in violation of Apple's App Store Guidelines. It has also been alleged that the glowing reviews of Adware Doctor and other applications by the same developer may have been faked.

How?

It has been reported that the suspect apps were able to spy by first tricking the user into giving them macOS home directory access with virus scanning and clear cache options. When this permission was granted, the apps were able to abuse access privileges by gathering browser-history data from Chrome, Firefox and Safari. This data was then sent back to suspected malicious operators.

What Does This Mean For Your Business?

This is not the first time that there have been reports of dodgy apps lurking in legitimate stores. For example, back in January, 36 fake and malicious apps for Android that could harvest your data and track your location, masquerading as security tools were discovered in the trusted Google Play Store. All had reassuring names such as Security Defender and Security Keeper, and many performed some legitimate tasks on the surface, such as cleaning junk, saving battery, scanning, and CPU cooling, but all were found to be hiding malware, adware and tracking software.

Apple generally has a good brand reputation with regards to security so it will undoubtedly be very unhappy to have its name and the store that it curates associated in any way with any malicious apps.

This story is another reminder that, when it comes to apps, even though the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Apple (in this case) didn’t immediately spot the hidden aspects of the apps. Also, we often don’t have the time to make checks on the apps that we download, and good reviews and the ‘halo effect’ of the good name of the store that they’re in are often enough of a recommendation for us to act.

The fact that many of us now store most of our personal lives on our smart phones makes reports such as these all the more alarming, and can undermine our confidence in (and cause costly damage to) the brands that are associated with such incidents.

To minimise the risk of falling victim to suspect apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone's service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app.

The bad publicity from this story may also make Apple keen to review its systems and procedures for checking the apps that are offered in the store that it curates.