Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Yanks Top Mac App a Month After Learning it Sends User Info To China (venturebeat.com)

Posted by msmash on from the security-fail dept.

An anonymous reader shares a report: When a group of security researchers reported a popular but allegedly dangerous Mac App Store utility to Apple, noting that it secretly sends "highly sensitive user information" to an "unscrupulous" developer, Apple's response for a full month was surprising: "crickets." But after a cluster of bad press today, Apple finally pulled Yongming Zhang's app Adware Doctor: Anti Malware &Ad from the store.

Three researchers, including former NSA staffer Patrick Wardle, Thomas Reed of Malwarebytes, and "privacy fighter" @privacyis1st, said in a blog post today that they reported Adware Doctor last month for sending a user's Safari, Chrome, Firefox, and App Store browsing histories alongside lists of the Mac's apps and running processes to a server in China. Despite receiving confirmation that Apple received the report, the $5 app remained in the App Store -- where it was ranked the number one paid app across all Mac utilities.

54 comments

  1. Top rated paid app?! by King_TJ · · Score: 4, Insightful

    The bizarre thing here, IMO, is that so many App Store users would select this totally unknown app as their pick to spend $5 on to protect their systems from malware or virus threats?

    1. Re:Top rated paid app?! by Anonymous Coward · · Score: 0

      Stupid people make STUPID CHOICES !!!

      Film at 11 !!!!!

    2. Re:Top rated paid app?! by DarkRookie · · Score: 1

      Drop the first Stupid and that sentence would be A LOT more accurate.

      --
      The millennial that doesn't like most of the stuff designed for millennials.
    3. Re:Top rated paid app?! by Anonymous Coward · · Score: 0

      Well to be fair, Apple is supposed to be protecting the users by keeping this stuff out of the store. Wasn't that the ENTIRE POINT of making a store in the first place?

    4. Re:Top rated paid app?! by Anonymous Coward · · Score: 0

      The bizarre thing here, IMO, is that so many App Store users would select this totally unknown app as their pick to spend $5 on to protect their systems from malware or virus threats?

      Another bizarre thing here is the question mark at the end of your statement.

    5. Re:Top rated paid app?! by HumanEmulator · · Score: 2

      It seems pretty likely that non-Apple apps have such poor sales, that it's simply not that hard to climb the charts. The Mac App Store numbers look nothing like the iOS App Store numbers.

    6. Re:Top rated paid app?! by Anonymous Coward · · Score: 0

      I think fake ratings is a whole industry

    7. Re:Top rated paid app?! by Swave+An+deBwoner · · Score: 1

      If they remove it from the phone then don't they have to refund $5?

    8. Re:Top rated paid app?! by Anonymous Coward · · Score: 0

      This sounds like exactly what an Apple user would do. Shutup and take my money!

    9. Re: Top rated paid app?! by Anonymous Coward · · Score: 0

      Mac not phone.

    10. Re: Top rated paid app?! by Swave+An+deBwoner · · Score: 1

      Ah, my ignorance of all things Apple is evident. Thanks for the correction.

    11. Re:Top rated paid app?! by Anonymous Coward · · Score: 0

      The bizarre thing here, IMO, is that so many App Store users would select this totally unknown app as their pick to spend $5 on to protect their systems from malware or virus threats?

      $5? That'll get me 5 cheap hoes for a day.

    12. Re: Top rated paid app?! by Anonymous Coward · · Score: 0

      "Wasn't that the ENTIRE POINT of making a store in the first place?"

      No, of course not. You didn't really believe that, did you? If you did I bet you voted for Hillary too. LOL!

    13. Re:Top rated paid app?! by AmiMoJo · · Score: 1

      They probably spammed Google with tech support ads and links from error code farms.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:Top rated paid app?! by Wild_dog! · · Score: 1

      Purchase is still there even if you remove an app from the device.
      Should be a refund and then the app should be deleted from previous purchases.

    15. Re: Top rated paid app?! by Anonymous Coward · · Score: 0

      zzzzzzz boring political comment zzzzzz zzzzzz

  2. Apple 3 by Anonymous Coward · · Score: 0

    Apple fights for your privacy. Never get Android.

    1. Re:Apple 3 by DarkRookie · · Score: 1

      Its 6 in one and a half dozen in the other
      They both have similar issues. Google has done similar in the past.
      Same as MS.

      --
      The millennial that doesn't like most of the stuff designed for millennials.
    2. Re:Apple 3 by ShanghaiBill · · Score: 2

      My wife has an app business, and we have sent many emails back and forth to Apple's support staff. A 30 day delay in response is fairly typical and marking a message "URGENT" makes no difference. They are just way understaffed and disorganized. No conspiracy theory is needed here.

    3. Re:Apple 3 by zlives · · Score: 1

      "They are just way understaffed" nothing a few million (not billions) wont fix

    4. Re:Apple 3 by Spamalope · · Score: 1

      If only Apple weren't too financially strapped to be able to afford to protect their customers. It's such a shame they don't have the profits to do this properly.

    5. Re:Apple 3 by angel'o'sphere · · Score: 1

      They probably ignore URGENT messages just a bit longer than normal ones.
      When I get an IMPORTANT eMail it is quite likely I ignore it for so many days that it is suddenly no longer on fhe first page of my email list, and then I forget it :)

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  3. Ironic by HumanEmulator · · Score: 1

    It's pretty ironic that a major "advantage" of the Mac App Store is app-sandboxing, but by requiring it, many good apps can't function properly (ie. Photoshop, Office and Coda variety apps), and so they shun the App Store and take the informed Mac audience with them. This leaves the less-informed Mac audience trusting that the App Store represents the sum of Mac apps, and downloading crippled apps that send their personal info off to China.

    1. Re:Ironic by Anonymous Coward · · Score: 0

      Of course, you can break out of a sandbox. I jumped off the bandwagon when Apple started all this pain-in-the-ass security/Gatekeeper/sandboxing security theater because its main purpose is simply to bind developers into their infrastructure and make it harder to develop with unusual programming languages and not to use XCode. Apple wants to make money by selling new hardware to developers every 3 years, that's what this is about. You could grab the file vault password from the pagefile with a one liner for many years - security my ass!

  4. Prime Example by DarkRookie · · Score: 2

    This is a prime example of an app store not being any better than downloading software off a random internet site.

    They pretty much have the same issues with this.
    So them toting security and protection are lies.

    Unless they are personal inspecting each and every apps source code.

    --
    The millennial that doesn't like most of the stuff designed for millennials.
    1. Re:Prime Example by Anonymous Coward · · Score: 0

      Unless they are personal inspecting each and every apps source code.

      .

      Sort of like how you are personal ( sic ) inspecting your own writing and grammar ?

    2. Re:Prime Example by Anonymous Coward · · Score: 0

      It's a prime example of it being better. The app was yanked. No one is going to yank malware from the internet when it's discovered.

    3. Re: Prime Example by Anonymous Coward · · Score: 0

      Oh wait, people do.

      In order to avoid a big warning box about an untrusted vendor, you have to get a certificate from Microsoft or a big vendor.

      Other malware scanners like the built in ones also blacklist the site or the app

  5. Ok, what I want to know is by rsilvergun · · Score: 1

    who are these Yanks and how did they get a top app on Mac two months after sending data to China.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  6. Who's watching the watcher? by MJhasHIV · · Score: 2, Insightful

    China.

  7. Fake News. App store apps are safe. by Anonymous Coward · · Score: 0

    That's why Apple won't let us install other apps, after all. To keep us safe.

  8. Fuck apple by Anonymous Coward · · Score: 0

    and all their lies and bullshit.
    Security my ass.

  9. Really Lame by Anonymous Coward · · Score: 1

    Lame all around from developer to people shelling out $5 for scam ware , but Apple sitting on the report for a month with no action is the worst part. I hope the morons who downloaded sue Apple. Maybe the jackasses in charge of the App Store will be removed, too.

    It blows my mind how a company as rich as Apple still stinks. They should be head and shoulders above everyone else in every category in which they compete, but they aren't.

    1. Re:Really Lame by Anonymous Coward · · Score: 0

      They should be head and shoulders above everyone else in every category in which they compete, but they aren't.

      Yeah yeah yeah... And Hillary should've won the election by 50 points! Shopping and voting both suffer the same psychological issues. People dance to anything.

    2. Re:Really Lame by Anonymous Coward · · Score: 0

      another boring political comment with no point,

    3. Re:Really Lame by Anonymous Coward · · Score: 0

      Well, you're just in denial, when you are the point, you're not expected to see it right away. First you have to want to...

  10. Fake Reviews by bogie · · Score: 2

    Almost certainly tons of fake reviews and possibly fake downloads where they use promo codes etc. I highly doubt so many Mac users are using this.
    Check this article out:
    https://www.wsj.com/articles/h...

    Fake reviews for products is a HUGE industry and almost certainly thousands of people in India got paid to astroturf this app to the top. Amazon is literally being crippled by fake reviews and dodgy products.

    --
    If you wanna get rich, you know that payback is a bitch
  11. Well, it by definition is not "unknown". by Anonymous Coward · · Score: 0

    Clearly, everybody used it, because everybody recommended it, because everybody liked it.

    That that doesn't mean, it can't be total worthless shit, should be clear since everybody install Microsoft malware scanners and called them "the best" because they were the fastest and lightest... even though they only were the fastest and lightest because they found nothing. (Only 69% of currently in-the-wild malware was detected. It failed the most basic virus test every damn year. Where nearly every other solution for 100% or very very close to it.)

    So no need to go all conspiracy theorist on this.
    I mean... fuckin Flappy Bird... If that doesn't tell you that popularity doesn't need anyone to conspire, then you need to take off your tin foil lined NSA officer hat.

    Also, how is it worse for it to send user data to China, than sending it to the USA?
    I mean, if I'm American (which I'm not. Nor am I Chinese), then surely I would prefer a government to steal my personal data that doesn't have power over me!
    I mean if I'd be OK with any leakage in the first place, which the NSA and the above puppets clearly not only find OK, but probably masturbate to every night.

    1. Re:Well, it by definition is not "unknown". by Anonymous Coward · · Score: 0

      Everybody... did not use it. The news here is that overall Mac App Store sales in whatever category this was in are low enough that Sketchy PC Cleaner by Mr Long Dong McShadey in China, topped the chart by buying reviews, to make their drive-by web pop up scare campaign look legit

      You Mac or PC is infected with vilus, please downroad this software in order for fix

  12. Just because you are surrounded by morons ... by Anonymous Coward · · Score: 0

    ... doesn't make all people morons.

    There's a reason everybody says Americans are stupid.

    1. Re: Just because you are surrounded by morons ... by Anonymous Coward · · Score: 0

      "There's a reason everybody says Americans are stupid."

      Because they watch our semi-official fake news, and falsely imagine most Americans are dumb enough to believe all those obvious lies?

    2. Re: Just because you are surrounded by morons ... by Anonymous Coward · · Score: 0

      50% of Americans believed the fake news. Enough to elect someone who thrives on perpetuating fake news

  13. B.b.b.u.t! by Anonymous Coward · · Score: 0

    But Macs are IMMUNE from Malware and Viruses! That's only something Windoze users have! This must be fake news! Apple is the best!

    1. Re:B.b.b.u.t! by TheFakeTimCook · · Score: 1

      But Macs are IMMUNE from Malware and Viruses! That's only something Windoze users have! This must be fake news! Apple is the best!

      NO practical OS is, nor can made to be, Immune to a TROJAN.

      Can't be done without completely banning the installation of software.

      Period.

    2. Re:B.b.b.u.t! by drinkypoo · · Score: 1

      The point of having an app store is that it's a curated collection. If you can't trust the apps in the official store, that's a step backwards from ye olde retail outlet and you might as well just get apps from j. Random internet site, since you can't trust the app store.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:B.b.b.u.t! by TheFakeTimCook · · Score: 1

      The point of having an app store is that it's a curated collection. If you can't trust the apps in the official store, that's a step backwards from ye olde retail outlet and you might as well just get apps from j. Random internet site, since you can't trust the app store.

      Understood; but considering the vanishgly-small number of examples of Malware sneaking-past the vetting process of the COMBINED number of Apps in the Apple App StoreS (plural), and the fact that, IN EVERY known case, the Apps were either rejected outright, or REMOVED when the malware was discovered (unlike, on the Internet, as another Poster pointed-out), I'd say the Protction afforded by Apple's Curation is MILLIONS of times better than downloading those same Apps from some rando website or even a well-known third-party repository.

      tl;dr : Nothing is perfect; but Apple's App StoreS (plural) have a years-long NEARLY PERFECT track record (to the point that EVERY exception is NEWSWORTHY!) relative to both the Internet at large AND envy other "App Store", and at this time represent the hands-down safest sources for Application and System-Software acquisition for Apple products.

  14. "unscrupulous" developer by astrofurter · · Score: 2

    Thank goodness I don't use Apple products! I compute with confidence knowing that Big Brother Google, Faceboot, Ma Verizon, Red Fedora, Uncle Samsung, and my friendly neighborhood Gestapo office all use only the most *scrupulous* outsourced and H1-B indentured labor.

    Scrupulousity FTW!

  15. "It's only ok if WE do it" by Anonymous Coward · · Score: 0

    Apple, Google, Facebook, Microsoft, and many of their apps collect more info than this on you, but when a Chinese company does it then suddenly it's a crime? Pot and kettle, hypocrisy, and crying about yellow peril.

    This is propaganda and dishonest bullshit, nothing else.

  16. new york digital branding agency by Anonymous Coward · · Score: 0

    This article is more informative best article i have seen
    Its help you for further details click the link below

    In new york digital branding agency IOITSOL is one of the best new york digital branding agency.In new york digital
    branding agency IOITSOL Provide best work in new york.New york digital branding agency or company encompasses many
    different skills and disciplines in the production and maintenance of the new york digital branding agency.The different
    areas of application include UI design; interface design user experience design.Today in new york digital branding agency
    IOITSOl is the best agency.IOITSOL is also the Most creative new york digital branding agency in the past recent years.

    https://www.ioitsol.com/

  17. o rly? by dohzer · · Score: 1

    Really? Because I yanked the Apple apps away from my PC when I realised they were a scam to charge me more money than other apps do.

  18. and there goes the theory by sad_ · · Score: 2

    so far for all those Apple folks claiming that the Play store is a minefield and that this problem doesn't excist on Apple devices.
    at least Google seems to be much quicker to react to such claims instead of waiting a month before removing said app (and then only because there was sudden negative press about it)

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  19. Apple Security APPS?!? by Hallux-F-Sinister · · Score: 1

    The whole POINT of iOS is supposed to be that no additional security measures are necessary. That's the point of the walled-garden. If I need to pay someone to fix problems Apple leaves in (or puts in, the way Microsoft does,) on purpose, then there's no reason to pay the hefty Apple Premium, the Apple Tax, if you will, for having a smartphone. If I ever decide there's a need to resort to an extra app for security, I'm e-baying my damn iPhone and switching back to a dumb phone. Fie on all this technological nonsense.

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.