Apple has pulled Adware Doctor from the Mac App Store. The app, which was the top paid utility app on the App Store and was designed to "prevent malware and malicious files from infecting" Mac devices, was spotted sending user data to a server in China without explicitly gaining consent from users. Security researchers have confirmed the existence of the flaw that violates Apple's policies. The app originally posed as Adware Medic and was the fifth top paid app overall on the Mac App Store.
Security researcher Patrick Wardle spotted that Adware Doctor collects sensitive user information from a Mac machine and then saves it in a password-protected file called history.zip. Once archived, the app uploads the file to a server based in China via "adscan.yelabapp.com". While the archive is said to be password-protected, Wardle was able to access the hardcoded password and found that the app collected browsing history from Chrome, Firefox, and Safari at the time of his testing.
It is worth pointing out here that the app does require user permission to access the home directory and files on the Mac device. However, it doesn't use that access just to scan for malware; it allegedly also exfiltrates user information to a source in China. Notably, this doesn't violate the "sandboxing" protection that restricts Mac apps to only those areas for which users have granted permission. Further, the Adware Doctor app is said to generate a log of the apps that you've installed on your system as well as records of their source.
Wardle conducted his research after a German security researcher, who tweets under the pseudonym Privacy 1st, posted a video highlighting the security loophole. The researcher also contacted Apple about the flaw last month.
Apple confirmed the removal of the Adware Doctor app from its Mac App Store to BuzzFeed News. However, it didn't reveal any details about the security breach.
At the time of filing the story, the Mac App Store wasn't providing access to download Adware Doctor. Similarly, the given link to the Chinese server was inaccessible too.
Apple is implementing enhanced sandboxing security in macOS 10.14 Mojave to address the issues raised by apps such as Adware Doctor going forward. Moreover, the next macOS version protects Safari history and cookies from apps, restricting access to user content even in cases where users have granted access to areas such as the home directory.