[ad_1]
A very popular application, supposed to protect Apple Mac users against threats to privacy, ironically irritates their browsing history and sends it to a server in China, warned Friday two researchers. They say that the issue of privacy is huge. And Apple is under fire for not acting.
The application in question is Adware Doctor, sold for $ 14.99 and promises to remove adware, malware and other malware from Apple PCs. At the time of writing this document, it was among the top 10 best-paid apps on the App Store. It also claims to be able to kill annoying pop-ups while "preserving" the browsing history.
As part of this last feature, the creator of Adware Doctor has chosen to take into account the browsing history of customers and store them on its own server, located in China. Any user running both the application and a major browser (Chrome, Firefox and Safari in this case) has probably seen his online activity recorded and stolen from the Chinese server. And the app has retrieved recent searches from all users in the App Store app.
It may have been almost three years since the first version of Adware Doctor was released in December 2015. The first to discover this suspicious activity was a security researcher going through Twitter @privacyisfirst, which had published a Warning in August.
Researchers Patrick Wardle and Thomas Reed, both of whom have studied the behavior of Adware Doctor, believe that the issue of confidentiality is enormous.
"The history of navigation is an extremely personal and potentially very sensitive thing. It could contain data that could be used for blackmail, "warned Reed, researcher at Malwarebytes. "It could also contain company-specific URLs for a person's employer, which could allow a potential attacker to know the company's internal systems.
"It's serious anyway, but it's worse than it's sent to a country where the government does not have the habit of protecting privacy." Reed is looking at at least three other tools on Apple's App Store things. "
Apple did not respond to a request for comment. The creator of Dr. Adware, Yongming Zhang, did not respond to emails from Forbes.
Anger at Apple
Wardle said that he had reported the problem to Apple last August, but that the company had done nothing to prevent Adware Doctor from taking the browsers history. The former NSA analyst and co-founder of DigitaSecurity commented Friday on his problems with Apple.
Apple should take action, since it seems that Adware Doctor has broken many policies of the Cupertino giant, Wardle added. First, Adware Doctor has found a way around Apple's "sandbox" technology, which is supposed to prevent one application from reaching and retrieving data from another. The hijacking of the browsing history also constitutes a violation of Apple's policy, Wardle said.
"How does Apple claim to care about the privacy of users and allow an app like this to stay in the App Store? "The story of Apple is that the Mac App Store is designed to explicitly counteract this type of behavior. They tell us that they control all applications and that we should trust them.
"But why, in the name of God, do not they react quickly and decisively when someone reports a malicious application?"
He called on Apple to ban the app and its store developer. And he said that Apple should go further and also refund each user of the application.
UPDATE
Apple said after publication that Adware Doctor had been removed from the App Store.
In addition, the company said it added security measures in the next version of macOS, dubbed Mojave. It will extend sandboxing protection on privacy-sensitive content, such as Safari history and cookies.
[ad_2]
Source link
