https://thehackernews.com/2018/09/mac-adware-removal-tool.html
A popular adware removal tool in the Apple App store has been found stealing users browser history which is a violation of Apple’s terms and services agreement. It’s breaking out of Apple’s typical sandboxing it makes it’s apps follow and steals the browser information. This data is being exfiltrated to a server located in China. An ex NSA staffer found this issue a while ago and notified Apple about it, but it took Apple over a month before they did anything about it. Eventually they did remove it from the app store.
It’s interesting how people think Apple is immune to these types of issues, but this is evidence that nobody is immune. Apple might do a better job than Microsoft or Google but they are just as susceptible as others.
Sev Shirozian
Apple should pay more attention on this kind of application. Compare with other devices, iphone is more secure. Users can only download application in App store. Most people trust every application on App store. Obtaining information from users’ browser can help hackers figure out what the user is interested in. Hackers could sell the information to advertisement companies. These companies could send advertisement to users. In addition, hacker may obtain accounts and passwords, which may cause financial loss for the users. On the other hand, Apple should tack action to prevent this attack faster. The company should also conduct auditing tasks before the application can be downloaded by users on App store.
I also read this kind of news recently and I think there are more apps stealing users’ browser information and sending it back to developer. This vulnerability provides a way for hackers to gain and steal information from users which calling question to privacy protection. Companies should pay attention to this area and should have a plan regarding how to regulate this kind of application.
This sounds like something Apple Inc’s app vetting should have caught. Unless their procedures have changed to be more relaxed, something makes me think Yongming Zhang the listed author of this “Adware Doctor” snuck their malicious intent via app updates.
The article does a great job crapping on apple for taking a month to remove the app from thier store. Perhaps “Adware Doctor” being the top 4 paid apps required an extra amount of scrutiny as Apple has been accused of being too hasty on removing apps in the past.
OR
You could assume that Apple didn’t want to take down a top money producer. Ether way this is a serious issue and I doubt that Apple is taking this lightly.