Last Week on My Mac: App Store Eavesdroppers

Apple’s retail stores are among my favourite shops. After bookstores, which have been my obsession ever since I learned to read, they are the best: well designed, plenty of hardware to look at and play with, friendly but not pushy sales staff, and products which I can trust to work really well. They may not be the cheapest, but I can’t think of any lemon which I have bought there.

What greater contrast than with Apple’s App Store?

In most parts, it’s like a jumble sale, full of items of doubtful origin, but if you look hard enough there are some real gems. There’s no sort of quality control, it’s well nigh impossible to navigate, and frankly an embarrassment to a premium brand like Apple.

And over the last few days, it has become manifest that we can’t even trust the App Store’s products to respect our private data.

Reports from security experts Thomas Reed in Malwarebytes Labs, Patrick Wardle of Objective-See and @privacyis1st have revealed that not one but several App Store apps, including the best-selling Adware Doctor, access users’ private data against App Store rules and provisions in macOS, and have been sending exfiltrated private data to remote servers.

The apps which have so far been identified as behaving deceptively and against the interests of the user include:

  • Adware Doctor which breached App Store rules, deceptively exfiltrated private data including browser histories, and sent them to a remote server. Explicit and detailed complaints have been made to the App Store by several researchers since the middle of August, but the app has only just been taken down from the US store. Oddly, an app of this name is still available on the UK App Store as of 8 September 2018, although it purports to come from a different developer, and has a different app icon. Apple needs to clarify whether that is the same product, or is safe to use, as a matter of urgency.
  • Adware Medic, the predecessor of Adware Doctor, which was taken down after Thomas Reed complained to the App Store in 2015, only for the App Store to accept the near-identical Adware Doctor.
  • Open Any Files: RAR Support which exfiltrated similar private data for several months late last year and this year, has been reported to the App Store, but is still available on the Store as of 8 September 2018.
  • Dr. Antivirus which exfiltrates browser history and a detailed listing of all installed apps. Still available as of 8 September 2018.
  • Dr. Cleaner which also exfiltrates browser history without the app listing. This is still available as of 8 September 2018, and has even been recommended by MacWorld.

I am stunned that Apple, a company which rightly refuses to sell cheap adaptor cables in its stores because it considers that we should only use high quality approved accessories, is continuing to sell (or give away, in some cases) four products which security researchers have demonstrated break Apple’s own rules, and grossly abuse the user’s privacy. This after the Keynote at WWDC 2018 pronounced:
“You know, one of the reasons that people choose Apple products is because of our commitment to security and privacy. And we believe that your private data should remain private, not because you’ve done something wrong or that you have something to hide but because there can be a lot of sensitive data on your devices, and we think you should be in control of who sees it.”

So long as it continues to get its 30% cut of sales, and count these apps in the multitude which the App Store offers to Mac users, Apple has been perfectly happy to supply us with spyware.

Can the App Store survive in its present form? Haven’t users finally lost faith in its bland assurance that its apps are screened and checked by Apple, and are ‘safe’ for us to use? When Apple has ignored the evidence of well-known security experts and failed to take action over these apps, how many others in the store might prove similarly malicious?

I think that Apple has two options which could restore its credibility and reputation.

The first would be to change the whole approach of the App Store to that of its physical stores, by offering only a select list of fully-tested apps of comparable quality to Apple’s own products. This would give buyers the confidence that, not only will these apps not turn out to be spyware, but they would be worth buying and using.

The alternative would be to recruit an independent board which oversaw the application of its screening procedures, and the investigation of complaints, giving it the transparency which should ensure that this never happens again.

If Apple does neither, then its App Store will act corrosively, and can only tarnish the whole of its brand.


As of 0730 10 September 2018, Apple has finally removed the apps named above from its UK App Store, and apparently from its other App Stores too. However, there are still a lot of apps which need to be more thoroughly investigated as to their efficacy and legitimacy: search on adware for example to see a lot which make bold claims that would appear to be impossible under App Store rules.

Thomas Reed of Malwarebytes has also asked me to make the distinction between the old Adware Medic app mentioned above and his completely legitimate and effective app AdwareMedic. This raises another issue which the App Store needs to address as a matter of urgency: the abuse of names of other apps and counterfeiting.

The App Store remains a big problem for Apple, and until it addresses these problems will continue to tarnish the whole brand.