Popular Mac App Store Utility Turned Out to Be Spyware

(Josh Centers) #1

Originally published at: https://tidbits.com/2018/09/07/popular-mac-app-store-utility-turned-out-to-be-spyware/

A paid utility that was secretly spying on users’ Web browsing histories somehow made it past both Apple’s review process and macOS’s application sandboxing.

(Dennis Swaney) #2

Looks like several people at Apple aren’t doing their jobs.

(Gil Woolley) #4

Hmmm. I looked and found AdwareMedic.app created and modified 2015. Slightly different name than Adware Doctor. I cannot remember when I installed it. Any comments? Can I just drag it to the trash or does it need an uninstall process?

(Al Varnell) #5

Adware Medic has become Malwarebytes for Mac, so it is no longer being supported or updated. As I recall, it can just be dragged to the trash.

(David Ross) #6

Many of the ones that slip by do things like

  • turn off the bad things until several weeks or months after submission.
  • behave if they geolocate to somewhere near the Bay Area
  • behave if any IP address starts with 17.x.x.x
  • behave if any user settings seem to be tied to apple.com

and so on.

(Gil Woolley) #7

Al, Thanks. I’ll do that. Gil

(Dennis Swaney) #8

Interesting. However, Apple should be able to compensate for those things during testing.

(Simon) #9

I would have thought they actually review the code rather than just try out the app (which anybody could do).

(Al Varnell) #10

Do you have a reference for any of this? I follow such things on a daily basis and work with several who have excellent reverse engineering skills on such things and don’t recall any of the incidents you outline even being reported.

(David Ross) #11

The things I mentioned are trivial and likely detected by scans of the app binaries. I read about them going back over 5 years ago. One that seems to stick in my mind was a tethering app back before it was allowed.

Nowadays I’m sure there are more complicated things being done by folks trying to slip by the guardians of the app store. I can think of several ways to hide things that might get by reviewers.

(David Ross) #12

Have you ever tried to read the code for a complicated application? Some of these apps likely have over 100K lines of “code” spread across 100s of modules. And multiply those numbers by 10 or 100 for apps like MS Word or similar.

It would be a hopeless task. In just the time required. Much less understanding the code base. And what about code written in Hindi? Or code run through things to deliberately make it hard to decipher. (Think of JavaScript downloaded by Google web apps.) Not to mention NDA and trade secret issues.