Apple Yanks Top Mac App a Month After Learning it Sends User Info To China (venturebeat.com)
An anonymous reader shares a report: When a group of security researchers reported a popular but allegedly dangerous Mac App Store utility to Apple, noting that it secretly sends "highly sensitive user information" to an "unscrupulous" developer, Apple's response for a full month was surprising: "crickets." But after a cluster of bad press today, Apple finally pulled Yongming Zhang's app Adware Doctor: Anti Malware &Ad from the store.
Three researchers, including former NSA staffer Patrick Wardle, Thomas Reed of Malwarebytes, and "privacy fighter" @privacyis1st, said in a blog post today that they reported Adware Doctor last month for sending a user's Safari, Chrome, Firefox, and App Store browsing histories alongside lists of the Mac's apps and running processes to a server in China. Despite receiving confirmation that Apple received the report, the $5 app remained in the App Store -- where it was ranked the number one paid app across all Mac utilities.
The bizarre thing here, IMO, is that so many App Store users would select this totally unknown app as their pick to spend $5 on to protect their systems from malware or virus threats?
It's pretty ironic that a major "advantage" of the Mac App Store is app-sandboxing, but by requiring it, many good apps can't function properly (ie. Photoshop, Office and Coda variety apps), and so they shun the App Store and take the informed Mac audience with them. This leaves the less-informed Mac audience trusting that the App Store represents the sum of Mac apps, and downloading crippled apps that send their personal info off to China.
This is a prime example of an app store not being any better than downloading software off a random internet site.
They pretty much have the same issues with this.
So them touting security and protection are lies.
Unless they are personally inspecting each and every app's source code.
The millennial that doesn't like most of the stuff designed for millennials.
It's 6 in one and a half dozen in the other
They both have similar issues. Google has done similar in the past.
Same as MS.
The millennial that doesn't like most of the stuff designed for millennials.
who are these Yanks and how did they get a top app on Mac two months after sending data to China.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
China.
My wife has an app business, and we have sent many emails back and forth to Apple's support staff. A 30 day delay in response is fairly typical and marking a message "URGENT" makes no difference. They are just way understaffed and disorganized. No conspiracy theory is needed here.
"They are just way understaffed" nothing a few million (not billions) won't fix
Lame all around from developer to people shelling out $5 for scam ware, but Apple sitting on the report for a month with no action is the worst part. I hope the morons who downloaded sue Apple. Maybe the jackasses in charge of the App Store will be removed, too.
It blows my mind how a company as rich as Apple still stinks. They should be head and shoulders above everyone else in every category in which they compete, but they aren't.
Almost certainly tons of fake reviews and possibly fake downloads where they use promo codes etc. I highly doubt so many Mac users are using this.
Check this article out:
https://www.wsj.com/articles/h...
Fake reviews for products is a HUGE industry and almost certainly thousands of people in India got paid to astroturf this app to the top. Amazon is literally being crippled by fake reviews and dodgy products.
If you wanna get rich, you know that payback is a bitch
If only Apple weren't too financially strapped to be able to afford to protect their customers. It's such a shame they don't have the profits to do this properly.
Thank goodness I don't use Apple products! I compute with confidence knowing that Big Brother Google, Faceboot, Ma Verizon, Red Fedora, Uncle Samsung, and my friendly neighborhood Gestapo office all use only the most *scrupulous* outsourced and H1-B indentured labor.
Scrupulousity FTW!
But Macs are IMMUNE from Malware and Viruses! That's only something Windoze users have! This must be fake news! Apple is the best!
NO practical OS is, nor can be made to be, Immune to a TROJAN.
Can't be done without completely banning the installation of software.
Period.
Really? Because I yanked the Apple apps away from my PC when I realised they were a scam to charge me more money than other apps do.
The point of having an app store is that it's a curated collection. If you can't trust the apps in the official store, that's a step backwards from ye olde retail outlet and you might as well just get apps from j. Random internet site, since you can't trust the app store.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
They probably ignore URGENT messages just a bit longer than normal ones. :)
When I get an IMPORTANT eMail it is quite likely I ignore it for so many days that it is suddenly no longer on the first page of my email list, and then I forget it
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
so far for all those Apple folks claiming that the Play store is a minefield and that this problem doesn't exist on Apple devices.
at least Google seems to be much quicker to react to such claims instead of waiting a month before removing said app (and then only because there was sudden negative press about it)
On a long enough timeline, the survival rate for everyone drops to zero.
The point of having an app store is that it's a curated collection. If you can't trust the apps in the official store, that's a step backwards from ye olde retail outlet and you might as well just get apps from j. Random internet site, since you can't trust the app store.
Understood; but considering the vanishingly-small number of examples of Malware sneaking-past the vetting process of the COMBINED number of Apps in the Apple App StoreS (plural), and the fact that, IN EVERY known case, the Apps were either rejected outright, or REMOVED when the malware was discovered (unlike, on the Internet, as another Poster pointed-out), I'd say the Protection afforded by Apple's Curation is MILLIONS of times better than downloading those same Apps from some rando website or even a well-known third-party repository.
tl;dr : Nothing is perfect; but Apple's App StoreS (plural) have a years-long NEARLY PERFECT track record (to the point that EVERY exception is NEWSWORTHY!) relative to both the Internet at large AND any other "App Store", and at this time represent the hands-down safest sources for Application and System-Software acquisition for Apple products.
The whole POINT of iOS is supposed to be that no additional security measures are necessary. That's the point of the walled-garden. If I need to pay someone to fix problems Apple leaves in (or puts in, the way Microsoft does,) on purpose, then there's no reason to pay the hefty Apple Premium, the Apple Tax, if you will, for having a smartphone. If I ever decide there's a need to resort to an extra app for security, I'm e-baying my damn iPhone and switching back to a dumb phone. Fie on all this technological nonsense.
Our reign has gone on long enough. Indeed. Summon the meteors.