
A Popular Mac App That Sent Users' Browsing History to China Has Been Removed - tortilla
https://www.buzzfeednews.com/article/nicolenguyen/apple-removes-adware-doctor-browsing-history
======
Illniyar
I just love the apple response mail to the guy who disclosed this to them:

"We have forwarded your feedback to the appropriate team. Someone from that
team will investigate and follow up as needed with the developer.

Because we can only share communications about an app with its developer, you
will not receive updates about this matter."

It's the perfect email: they can do whatever they want, and they have an
excuse why they don't need to account for it - they could let the app do
whatever it wants, demand it change its behavior, or throw it out, but the
one who spent considerable time researching this would never know.

~~~
lemoncucumber
Apple's lack of transparency is one of my biggest problems with them. I refuse
to ever file bugs with them since I know I won't get any meaningful updates.

Similarly, I often report problems on Google Maps since they actually send
email updates about your report and tell you when it's fixed, whereas I never
do with Apple Maps since they don't provide any feedback.

~~~
pfschell
Apple Maps provides exactly the same feedback on user corrections. Try it out.

~~~
lemoncucumber
Nice, they must have added that since launch. I tried providing feedback years
ago when it was still new and the feedback seemed to go into a black hole.

------
paulcarroty
ES File Explorer - one of the MOST popular Android apps - always connected to
3 Chinese servers. Shitload of proof and logs and ... nobody cares.

~~~
mtgx
> nobody cares

Are you saying _everyone_ is aware of those things?

I for one never use a Chinese app or an app that was bought by a Chinese
company ever again (sorry, Opera). But I doubt 99% of the users even realize
who owns these apps.

~~~
TheForumTroll
Is it for privacy reasons or racist reasons? If it is for privacy, you don't
use US-made apps either, I hope.

------
eddieplan9
It's the sad state of affairs in "trusted" App Stores. Little Snitch is the
first app I install on every machine. I look forward to a day when network
access becomes a permission a sandboxed app asks for.

~~~
drb91
Sadly, I don’t see Apple making any moves in this direction, probably because
advertising is an extremely popular form of revenue these days. It’d be rather
awkward explaining why they enable these controls on the computer but they
don’t allow them on iOS.

~~~
scarface74
You mean like Apple not having a built in content blocking framework for
Safari?

[https://developer.apple.com/library/archive/documentation/Ge...](https://developer.apple.com/library/archive/documentation/General/Conceptual/ExtensibilityPG/ContentBlocker.html)

~~~
drb91
It doesn't apply to native apps.... IIRC they've even removed ad-blocking VPN
software recently: [https://forums.appleinsider.com/discussion/200903/apple-no-l...](https://forums.appleinsider.com/discussion/200903/apple-no-longer-accepting-vpn-based-ad-blockers-to-app-store-report-says)

~~~
scarface74
There are so many bad actors when it comes to VPN software ad blockers it
wasn’t worth the risk.

VPNs are allowed and are natively supported, but I wouldn’t trust a random
third party VPN.

If it were that important to me on iOS, I would host my own VPN server and
just use the native support.

[https://www.imore.com/how-configure-vpn-access-your-iphone-o...](https://www.imore.com/how-configure-vpn-access-your-iphone-or-ipad)

But honestly, I hate ad-supported software. Either give me a way to remove ads
via an in-app purchase or I’ll just delete the app.

I bought an iOS device partially because I prefer the simple transaction model
of giving Apple money and they give me stuff without subsidizing the purchase
price with ads and invasive tracking.

------
frou_dh
It is sandboxed from filesystem access, but as soon as it is launched, it asks
the user for permission to access their home directory.

Really this is just an indictment of old-school massive deep-tree file
organisation, and of Unix file permissions being too coarse-grained for what
are effectively single-user computers.

~~~
comboy
I wonder if there's any chance of improvement of that under Linux. Only Chrome
needs access to my Chrome data directory. It also doesn't usually need access
to anything outside it. There's not much use in solid security preventing
apps from gaining root access when all my sensitive data is accessible
from my user.

~~~
ComodoHacker
Linux has AppArmor and other tools to solve that. What it lacks are tons of
paid man-hours to develop, test and maintain templates for popular apps.

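An AppArmor profile of the kind meant here, added as an illustration (it is not from this thread, nor one of the templates any distribution ships): it confines a hypothetical browser binary at /usr/bin/example-browser to its own data directory under the user's home plus network access, so that a compromised or misbehaving process with this profile cannot read another application's files. The binary path, library path and data-directory name are assumptions.

```apparmor
# Constructed AppArmor profile for illustration; paths are assumed.
# Install as /etc/apparmor.d/usr.bin.example-browser
#include <tunables/global>

/usr/bin/example-browser {
  #include <abstractions/base>

  # The program itself and its private libraries: read + mmap only.
  /usr/bin/example-browser mr,
  /usr/lib/example-browser/** mr,

  # Browsing needs the network; nothing else in this profile does.
  network inet stream,
  network inet6 stream,

  # The only writable location is this app's own data directory, and only
  # when the files belong to the invoking user ('owner' qualifier).
  owner @{HOME}/.example-browser/ rw,
  owner @{HOME}/.example-browser/** rwk,

  # Everything not listed is already denied by default. These explicit deny
  # rules document the intent and, because 'deny' is quiet unless prefixed
  # with 'audit', keep the expected denials out of the audit log.
  deny @{HOME}/.mozilla/** rwlk,
  deny @{HOME}/.config/google-chrome/** rwlk,
  deny @{HOME}/.ssh/** rwlk,
}
```

Load it with `apparmor_parser -r /etc/apparmor.d/usr.bin.example-browser` and confirm with `aa-status`. Putting the profile in complain mode first (`aa-complain /usr/bin/example-browser`) logs what the app would have been denied without blocking it, which is how the missing rules for a real application are discovered before switching to enforce mode.
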
~~~
drb91
Is there a decent UX for AppArmor controls?

------
bangonkeyboard
Which should I be most irritated by:

1) Apple's app review is nigh useless security theater.

2) The App Store is easily manipulated with fake reviews to boost malware.

3) Apple's approved channels for vulnerability reporting are low priority,
opaque, and unresponsive.

4) Apple acts (and swiftly) only upon media attention.

~~~
kbenson
> 1) Apple's app review is nigh useless security theater.

It's not useless, it serves the vital purpose of allowing Apple to strong-arm
companies when Apple wants to compete with them. :/

e.g.
[https://news.ycombinator.com/item?id=17831188](https://news.ycombinator.com/item?id=17831188)

~~~
MrEfficiency
Don't forget you need to buy an Apple, and the yearly membership, and have to
constantly update when code is intentionally broken.

As a small time dev with limited resources, Apple is my least favorite company
to deal with.

~~~
s73v3r_
Oh noes, you have to have the platform from the company to make apps for the
platform from the company. The horror.

I honestly cannot take seriously any complaints about having to have a Mac to
make Mac apps. How on earth are you testing if you don't have the platform
you're supposed to be targeting?

~~~
kbenson
Well, with regards to iPhone development at least, it's not that you're buying
the platform you're targeting, it's that you have to buy a specific separate
piece of hardware, running a specific separate software OS, which are _not_
the same as the target platform, to develop for it. And then, as the GP notes,
you have to keep updating them for reasons unrelated to the targeted platform.

I mean, I understand having to have a Mac to develop for a Mac, but having to
have a Mac to develop for iPhone is just Apple being Apple.

~~~
s73v3r_
I still can't take that complaint seriously.

~~~
kbenson
Maybe because you already have a Mac? If you had to buy a NeXT workstation to
develop for it, that might feel a bit different then, though, right? It's only
a slightly different proposition. Sure, a lot of people already have Macs, but
it's not really that hard to make the software work on other operating
systems. Apple just doesn't care to make it cross-platform, and also makes
more money and solidifies their market by requiring Macs.

------
ilamont
_Its listing on the Mac App Store is accompanied by a majority of lavishly
positive five-star reviews._

[https://threatpost.com/top-macos-app-exfiltrates-browser-his...](https://threatpost.com/top-macos-app-exfiltrates-browser-histories-behind-users-backs/137247/)

Can we talk about this problem? Amazon gets a lot of attention for
questionable reviews but Apple hardly gets any backlash from consumers or the
media.

I note on the relevant Apple page for developers
([https://developer.apple.com/design/human-interface-guideline...](https://developer.apple.com/design/human-interface-guidelines/ios/system-capabilities/ratings-and-reviews/)) that the following
guidance is given:

 _Ratings and reviews help people make informed decisions when considering
whether to try out your app. Positive ratings and reviews can mean more
downloads of your app, and customer feedback gives you insight into real world
usage that helps direct future development efforts.

Delivering a great overall experience is the best way to encourage positive
ratings and reviews, but it’s also important to ask for feedback at
appropriate times. Keep these considerations in mind when asking people to
rate your app.

Ask for a rating only after the user has demonstrated engagement with your
app. For example, prompt the user upon the completion of a game level or
productivity task._

Nowhere on that page are there any prohibitions against asking for five-star
or positive reviews, and indeed, it's quite easy to find examples of high-
profile apps asking for five star reviews, including Amazon (see example on
the bottom of this page: [http://leanmedia.org/amazon-removes-reviewer-emails-profiles...](http://leanmedia.org/amazon-removes-reviewer-emails-profiles/)).

It's not hard to see the damage done by inflated or bogus user reviews: The
unwary are more likely to download them, as is the case for this top-ranking
utility sending browser history back to China.

~~~
walrus01
Search for "app store review farm" and you'll see how easy it is to fake
reviews. Apple's system is sufficiently advanced to prevent people from doing
it in a fully automated way, so it's done with the manual version of click
farming. Basically the same idea as paying somebody to farm gold in an MMORPG.
Trust nothing.

[https://www.cultofmac.com/311171/crazy-iphone-rig-shows-chin...](https://www.cultofmac.com/311171/crazy-iphone-rig-shows-chinese-workers-manipulate-app-store-rankings/)

~~~
dawnerd
That's pretty expensive, but I guess getting top 10 can potentially be really
lucrative.

~~~
walrus01
Probably less expensive to buy 40 base-model iphones of whatever is the least
expensive that can run the latest iOS, and pay a click worker to farm it.
Something like $16000 USD one-time cost, plus salary, and once the phones are
so obsolete that they can no longer install the app, figure you can wipe and
resell them for $80-100 each.

------
waterside81
Adware Doctor is the app

~~~
sgt
I would really hope very few Mac users in their right mind would install
"Adware Doctor".

~~~
saagarjha
Unfortunately many do, since they come from Windows and have learned that they
need something like this to "keep their Mac clean".

~~~
TheForumTroll
This has nothing to do with users coming from Windows. Mac users aren't
smarter than users of other OSes. Windows 10 with a walled garden like Apple's
is safer than a Mac.

~~~
saagarjha
This isn't a matter of Mac users being "smarter"–it's just that most Windows
users are accustomed to running antivirus software on their computers, and
when they come over to macOS they tend to bring this over to macOS.

------
apeace
More information: [https://objective-see.com/blog/blog_0x37.html](https://objective-see.com/blog/blog_0x37.html)

------
phendrenad2
Thank you to all the security researchers out there reporting this stuff. Keep
the bad press flowing, so apple doesn’t get too lazy and let even more of
these through...

------
rjvir
Security for the normal user is a nice benefit of having an App Store.

~~~
ISL
I'm pretty sure I get a substantial fraction of that sort of benefit from
Debian's apt repository.

~~~
gene91
The intersection between these two sets is likely pretty small:
"normal user", "people using Debian".

------
taobility
Would all non-US Chrome users be scared that all their browsing data is being
sent back to the US?

~~~
eastendguy
Sure it would. If it is sent back, please link to some proof.

~~~
fzzzy
Uh, isn’t it widely known that every character you type in the address bar in
chrome is sent to google? They wouldn’t be able to give you autocomplete
results otherwise.

~~~
Karunamon
This is on a toggle switch that requires affirmative consent to enable the
first time. So no, not the same thing.

~~~
fzzzy
Are you talking about “Help make Google Chrome better by automatically sending
usage statistics and crash reports to Google”? Because that’s not what I am
talking about. Even if you turn that off, autocomplete still works in the
location bar. Type “h”, it offers to complete “Home Depot”, “Hotmail”,
“Huntington Bank”, “Hurricane Florence”, and “Hungry Howies”. It does that by
sending the character “h” to the google servers and getting back a list of
results.

------
rodorgas
> The next release of macOS, macOS Mojave, will protect content like Safari
> History or cookies from apps, even those to which users have granted access
> to their home directory.

What about other browsers?

~~~
erikpukinskis
Owning an operating system means you get special treatment for your apps.

~~~
ballenf
There's nothing to stop Chrome or Firefox from encrypting and/or obfuscating
their history file.

~~~
saagarjha
There is nothing stopping an app from pretending to be Chrome or Firefox and
decrypting the history file for themselves.

------
makecheck
Apple is a terrible choice for gatekeeper because they stand to benefit from
_any_ app becoming popular, regardless of _why_ the app has become popular.
Gambling-inducing gem scams and apps with fake reviews do just fine and earn
Apple 30% at the expense of users so Apple certainly loses money in the short
term if they refuse those apps entirely. Apple also gains when they can brag
on stage about how many bazillion apps there are on Apple platforms; scam apps
are generally quite numerous (probably because it’s easier to come up with a
bunch of crappy apps than a single good one) so they’re sort-of-OK with having
lots of “apps” that no one should really be installing. A really tiny list of
outstanding apps would be hard to sell on stage.

The only real impact on Apple’s bottom line would be for the _entire store_ to
become so infested, _relative to competitors_, that people jump ship and stop
buying expensive Apple hardware out of frustration. Apple is at least
observant enough to avoid that; they’ve kept their store clearly _better_ than
competing stores but none of them is necessarily a _great_ experience.

I strongly suspect that the convenience of payment processing is the primary
reason for developers to put up with Apple’s too-random screening systems. If
Apple were required to open up app payment processing to any number of payment
services, and if they were relying on trusted 3rd parties to certify apps
(perhaps based on category), we would see a very different app experience.

Distributing reviews to different authorities would also be hard. For example,
if you had “security experts” handle screening for apps in a certain category,
somebody could just write a sneaky app in a different, weakly-reviewed
category to make it through the net into the store. Apple would almost have to
create secure subsets of their entire _API_ in line with app store categories,
e.g. “you can’t even _use_ network-access APIs for apps in this category”
would be a _very_ useful restriction. The other nice thing about this is that
Apple would finally be free to not need certain expertise in-house; e.g. if
you don’t have enough good people on staff who are qualified to assess the
security risks of an app but you can find a trusted 3rd party that _can_, you
can _hire_ them to be that trusted authority and we can stop assuming that
Apple is the best at handling everything by itself.

------
space00
I think an app which can block all these rogue sites would be welcome.

~~~
simonbh
Look into Pi-hole.

------
jordache
Why the f didn't Apple catch this behavior during review?

~~~
rubicon33
Because they're too focussed on catching whether or not your app uses their In
App Payment system with 0 possible links to other payment methods.

------
cecja
If there is an app called anti-malware or anti-spyware or mega antivirus, there
is a 90% chance that it is just the opposite.

~~~
drb91
Why are these even allowed on the store? Surely the sandbox prevents process
inspection.

~~~
djrogers
This is the Mac App Store - not iOS. The app requests global permissions on
launch.

~~~
drb91
> The app requests global permissions on launch.

Then what's the point of the sandbox on the mac?

