Adware Doctor和Mac App Store的奇怪案例

这是一个奇怪的故事啊Adware Doctor was a $4.99 app in the Mac App Store from a developer按说永明叫张该应用旨在通过删除浏览器扩展,Cookie和缓存来保护您的浏览器免受广告软件的侵害这是一个令人惊讶的受欢迎的应用程序,在公用事业类别中排名第一第四在付费应用程序中,以及Logic Pro X和Final Cut Pro X等强大的应用程序。

事实证明,除其他事项外,Adware Doctor正在从Chrome,Firefox和Safari收集您的网络浏览器历史记录,并将其上传到中国的服务器无论这是什么意图,显然是隐私崩溃这种行为是首先发现的是一个通过Twitter处理的人处理Privacy 1st, and8月12日向Apple报道今天早些时候,安全研究员Patrick Wardle发布了该应用程序的详细技术分析有线TechCrunch的,以及其他出版物跳楼的故事,到太平洋时间上午9点,Apple已从App Store撤下该应用程序

与一些报告相反,Adware Doctor没有在沙盒中发现某种漏洞,导致从Mac App Store下载的应用无法访问整个文件系统该应用程序询问了用户的许可,这是此类实用程序可以使用的唯一方法任何相信Adware Doctor声明目的的用户都会授予此权限(MacOS 10.14 Mojave对特别敏感的文件有额外的保护,例如您的浏览器历史记录和电子邮件数据库 - 即使您授予应用程序访问主文件夹的权限,这也不适用于Mojave。)


First, how in the world did this sketchy app get so popular? Was it actually doing anything useful, protecting users from actual harm? It just seems对我而言,这是该商店中第四个最受欢迎的付费应用程序但这就是让这个故事变得有趣的原因 - 应用程序受欢迎的有很多Mac用户的网页浏览历史现在掌握在中国的一些开发人员手中。

第二,为什么没有四周前的Privacy 1st报告trigger an investigation inside Apple that would’ve gotten the app removed sooner (and without the resulting bad publicity)? From the screenshot Privacy 1st posted to Twitter, it seems as though they included thorough steps to prove what Adware Doctor was doing我们不能指望应用程序审核过程标记每个坏人,但我认为我们应该期待Apple在发现一个坏人时采取行动。

Third, why wasn’t this developer “Yongming Zhang” flagged years ago? Adware Doctor started out named “Adware Medic”,相同的名称作为一个合法的成功应用伪

The developer of this app is one that we at Malwarebytes have had our eye on since 2015At that time, we discovered an app on the App Store named Adware Medic — a direct rip-off of my own highly-successful app of the same name, which becameMalwarebytes for MacWe immediately began detecting this, and contacted Apple about removing the appIt was eventually removed, but was replaced soon after by an identical app named Adware Doctor.

We’ve continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple’s review process, is always replaced by a new version before long.

这是2016年4月的一份报告这表明张永明的应用程序的评论都是假的假评论可能是App Store的最大问题这是一个猖獗的问题我真的认为苹果应该严厉打击这种做法它很糟糕,并且发现一个糟糕的开发者会做更多可怕的事情也就不足为奇了即使Apple不愿意投入人力资源来解决整个App Store中的审查欺诈问题 - 目前这是一个Sisyphean的任务 - 当然 - 他们肯定应该解决这个问题。受欢迎的应用程序和广告软件博士非常受欢迎的这个应用程序的成功,粗略的描述,以及开发人员的不良行为的历史应该引发苹果内部的警钟。

Lastly, what’s going on with all the copies of the app that have already been bought and installed? Do existing copies still run? Isn’t this exactly the sort of scenario where Apple should use the杀死开关to remotely disable installed copies of the app? I’ve asked whether they’ve done this for Adware Doctor, but haven’t gotten an answer yet.