Twitter user @privacyis1st tweeted a video about the issue last month and then investigated it with security researcher Patrick Wardle. Wardle does a deep dive into how Adware Doctor works on his blog Objective-See, which you can check out here, but essentially, the app sidesteps Apple's sandboxing features and snags browser histories from Chrome, Firefox and Safari. "Now, an anti-malware or anti-adware tool is going to need legitimate access to user's files and directories -- for example to scan them for malicious code," Wardle explains. "However, once the user has clicked 'Allow,' since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file it so chooses!"
Wardle points out that the app is in violation of Apple's App Store Rules & Guidelines. But though he notified Apple of the issue a month ago, the app is still available on the App Store, which is troubling to say the least. Stealing users' browser histories is a serious privacy issue and "rather f#@&'d up," as Wardle puts it.