Apple Yanks Top Mac App a Month After Learning it Sends User Info To China

An anonymous reader shares a report: When a group of security researchers reported a popular but allegedly dangerous Mac App Store utility to Apple, noting that it secretly sends "highly sensitive user information" to an "unscrupulous" developer, Apple's response for a full month was surprising: "crickets." But after a cluster of bad press today, Apple finally pulled Yongming Zhang's app Adware Doctor: Anti Malware &Ad from the store.

Three researchers, including former NSA staffer Patrick Wardle, Thomas Reed of Malwarebytes, and "privacy fighter" @privacyis1st, said in a blog post today that they reported Adware Doctor last month for sending a user's Safari, Chrome, Firefox, and App Store browsing histories alongside lists of the Mac's apps and running processes to a server in China. Despite receiving confirmation that Apple received the report, the $5 app remained in the App Store -- where it was ranked the number one paid app across all Mac utilities.

Top rated paid app?!

[King_TJ]

The bizarre thing here, IMO, is that so many App Store users would select this totally unknown app as their pick to spend $5 on to protect their systems from malware or virus threats?

Re:

[DarkRookie]

Drop the first Stupid and that sentence would be A LOT more accurate.

Re:

[Swave An deBwoner]

If they remove it from the phone then don't they have to refund $5?

Re:

[Swave An deBwoner]

Ah, my ignorance of all things Apple is evident. Thanks for the correction.

Re:

[Wild_dog!]

Purchase is still there even if you remove an app from the device.
Should be a refund and then the app should be deleted from previous purchases.

Re:

[HumanEmulator]

It seems pretty likely that non-Apple apps have such poor sales, that it's simply not that hard to climb the charts. The Mac App Store numbers look nothing like the iOS App Store numbers.

Re:

[AmiMoJo]

They probably spammed Google with tech support ads and links from error code farms.

Fake Reviews

[bogie]

Almost certainly tons of fake reviews and possibly fake downloads where they use promo codes etc. I highly doubt so many Mac users are using this.
Check this article out:
https://www.wsj.com/articles/h... [wsj.com]

Fake reviews for products is a HUGE industry and almost certainly thousands of people in India got paid to astroturf this app to the top. Amazon is literally being crippled by fake reviews and dodgy products.

Re:

[DarkRookie]

Its 6 in one and a half dozen in the other
They both have similar issues. Google has done similar in the past.
Same as MS.

Re:

[ShanghaiBill]

My wife has an app business, and we have sent many emails back and forth to Apple's support staff. A 30 day delay in response is fairly typical and marking a message "URGENT" makes no difference. They are just way understaffed and disorganized. No conspiracy theory is needed here.

Re:

[zlives]

"They are just way understaffed" nothing a few million (not billions) wont fix

Re:

[Spamalope]

If only Apple weren't too financially strapped to be able to afford to protect their customers. It's such a shame they don't have the profits to do this properly.

Re:

[angel'o'sphere]

They probably ignore URGENT messages just a bit longer than normal ones.
When I get an IMPORTANT eMail it is quite likely I ignore it for so many days that it is suddenly no longer on fhe first page of my email list, and then I forget it :)

Ironic

[HumanEmulator]

It's pretty ironic that a major "advantage" of the Mac App Store is app-sandboxing, but by requiring it, many good apps can't function properly (ie. Photoshop, Office and Coda variety apps), and so they shun the App Store and take the informed Mac audience with them. This leaves the less-informed Mac audience trusting that the App Store represents the sum of Mac apps, and downloading crippled apps that send their personal info off to China.

Prime Example

[DarkRookie]

This is a prime example of an app store not being any better than downloading software off a random internet site.

They pretty much have the same issues with this.
So them toting security and protection are lies.

Unless they are personal inspecting each and every apps source code.

Ok, what I want to know is

[rsilvergun]

who are these Yanks and how did they get a top app on Mac two months after sending data to China.

Who's watching the watcher?

[MJhasHIV]

China.

Really Lame

[Anonymous Coward]

Lame all around from developer to people shelling out $5 for scam ware , but Apple sitting on the report for a month with no action is the worst part. I hope the morons who downloaded sue Apple. Maybe the jackasses in charge of the App Store will be removed, too.

It blows my mind how a company as rich as Apple still stinks. They should be head and shoulders above everyone else in every category in which they compete, but they aren't.

Re:

[TheFakeTimCook]

But Macs are IMMUNE from Malware and Viruses! That's only something Windoze users have! This must be fake news! Apple is the best!

NO practical OS is, nor can made to be, Immune to a TROJAN.

Can't be done without completely banning the installation of software.

Period.

Re:

[drinkypoo]

The point of having an app store is that it's a curated collection. If you can't trust the apps in the official store, that's a step backwards from ye olde retail outlet and you might as well just get apps from j. Random internet site, since you can't trust the app store.

Re:

[TheFakeTimCook]

The point of having an app store is that it's a curated collection. If you can't trust the apps in the official store, that's a step backwards from ye olde retail outlet and you might as well just get apps from j. Random internet site, since you can't trust the app store.

Understood; but considering the vanishgly-small number of examples of Malware sneaking-past the vetting process of the COMBINED number of Apps in the Apple App StoreS (plural), and the fact that, IN EVERY known case, the Apps were either rejected outright, or REMOVED when the malware was discovered (unlike, on the Internet, as another Poster pointed-out), I'd say the Protction afforded by Apple's Curation is MILLIONS of times better than downloading those same Apps from some rando website or even a well-kno

"unscrupulous" developer

[astrofurter]

Thank goodness I don't use Apple products! I compute with confidence knowing that Big Brother Google, Faceboot, Ma Verizon, Red Fedora, Uncle Samsung, and my friendly neighborhood Gestapo office all use only the most *scrupulous* outsourced and H1-B indentured labor.

Scrupulousity FTW!

o rly?

[dohzer]

Really? Because I yanked the Apple apps away from my PC when I realised they were a scam to charge me more money than other apps do.

and there goes the theory

[sad_]

so far for all those Apple folks claiming that the Play store is a minefield and that this problem doesn't excist on Apple devices.
at least Google seems to be much quicker to react to such claims instead of waiting a month before removing said app (and then only because there was sudden negative press about it)

Re:

[account_deleted]

Comment removed based on user account deletion