Adware Doctor is a top app in Apple's Mac App Store, sitting at number five in the list of top paid apps and leading the list of top utilities apps, as of writing. It says it's meant to prevent "malware and malicious files from infecting your Mac" and claims to be one of the best apps to do so, but unbeknownst to its users, it's also stealing their browser history and sending it to servers in China.
Twitter user @privacyis1st tweeted a video about the issue last month and then investigated it with security researcher Patrick Wardle. Wardle does a deep dive into how Adware Doctor works on his blog Objective-See, but essentially, the app sidesteps Apple's sandboxing features and snags browser histories from Chrome, Firefox and Safari. "Now, an anti-malware or anti-adware tool is going to need legitimate access to user's files and directories -- for example to scan them for malicious code," Wardle explains. "However, once the user has clicked 'Allow,' since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file it so chooses!"
Wardle points out that the app is in violation of Apple's App Store Rules & Guidelines. But though he notified Apple of the issue a month ago, it's still available on the App Store, which is troubling to say the least. Stealing users' browser histories is a serious privacy issue and "rather f#@&'d up," as Wardle puts it.