Top selling Mac App Store app found to send user browser data to Chinese servers without permission [update: app now removed]

Adware Doctor for Mac is the No. 1 paid utility app on the Mac App Store. It’s also logging browser history of users without their permission and sending it to a service in China, according to ThreatPost.

Update: The app is no longer available on the Mac App Store.

In news that will leave you scratching your head, security researcher Patrick Wardle said he notified Apple about this issue one month ago. As of today, Sept. 7, however, the $4.99 app remains in the Mac App Store. Wardle explains in a technical analysis published on Friday:

We tore apart Adware Doctor… [and] our research uncovered blatant violations of user privacy and complete disregard of Apple’s App Store Guidelines.

There is rather a massive privacy issue here. Let’s face it, your browsing history provides a glimpse into almost every aspect of your life.

In the breakdown, Wardle notes that Adware Doctor does need legitimate access to a user’s files and directories to scan for malicious code. In doing so, the app can detect and clean adware, but it also collects and exfiltrates any user file it chooses. Once this data has been received, the app zips it up into an archive file and has been sending the information to a domain based in China.

Naturally, this is terrible news. Knowing that Wardle alerted Apple about the issue a month ago makes it even more alarming. Hopefully, the company will address this issue soon.