• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

App of Apple App store caught Spying on users

September 8, 2018 by Sev Shirozian 3 Comments

https://thehackernews.com/2018/09/mac-adware-removal-tool.html

A popular adware removal tool in the Apple App store has been found stealing users browser history which is a violation of Apple’s terms and services agreement.  It’s breaking out of Apple’s typical sandboxing it makes it’s apps follow and steals the browser information.  This data is being exfiltrated to a server located in China.  An ex NSA staffer found this issue a while ago and notified Apple about it, but it took Apple over a month before they did anything about it.  Eventually they did remove it from the app store.

It’s interesting how people think Apple is immune to these types of issues, but this is evidence that nobody is immune.  Apple might do a better job than Microsoft or Google but they are just as susceptible as others.

Sev Shirozian

Filed Under: Week 02: TCP/IP and Network Architecture Tagged With:

Reader Interactions

Comments

  1. Xinteng Chen says

    September 10, 2018 at 9:02 pm

    Apple should pay more attention on this kind of application. Compare with other devices, iphone is more secure. Users can only download application in App store. Most people trust every application on App store. Obtaining information from users’ browser can help hackers figure out what the user is interested in. Hackers could sell the information to advertisement companies. These companies could send advertisement to users. In addition, hacker may obtain accounts and passwords, which may cause financial loss for the users. On the other hand, Apple should tack action to prevent this attack faster. The company should also conduct auditing tasks before the application can be downloaded by users on App store.

    Log in to Reply
  2. Yingyan Wang says

    September 11, 2018 at 5:33 pm

    I also read this kind of news recently and I think there are more apps stealing users’ browser information and sending it back to developer. This vulnerability provides a way for hackers to gain and steal information from users which calling question to privacy protection. Companies should pay attention to this area and should have a plan regarding how to regulate this kind of application.

    Log in to Reply
  3. Brock Donnelly says

    September 12, 2018 at 2:50 pm

    This sounds like something Apple Inc’s app vetting should have caught. Unless their procedures have changed to be more relaxed, something makes me think Yongming Zhang the listed author of this “Adware Doctor” snuck their malicious intent via app updates.

    The article does a great job crapping on apple for taking a month to remove the app from thier store. Perhaps “Adware Doctor” being the top 4 paid apps required an extra amount of scrutiny as Apple has been accused of being too hasty on removing apps in the past.

    OR

    You could assume that Apple didn’t want to take down a top money producer. Ether way this is a serious issue and I doubt that Apple is taking this lightly.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in