Updated, 9/7/2018, 10:30am PT: Apple has removed Adware Doctor from the Mac App Store. The utility is still listed as one of the top paid apps on Apple's website, but it's no longer available to purchase.
Original article, 9/7/2018, 7:32am PT:
People use ad-blockers for all sorts of reasons. Some want to stop advertising companies from collecting information about them, some don't want to financially support ad-dependent websites and some just want the sites they visit to load faster. It's unlikely that anyone would use an ad-blocker because they want to share their browsing history with someone in China, but that appears to be exactly what the Adware Doctor app does.
Adware Doctor is one of the highest grossing paid apps in the Mac App Store. It's supposed to do what every other ad-blocker does: prevent online tracking and stop advertisements from loading. Yet after numerous complaints about the app doing things it shouldn't, like changing settings in Safari and secretly collecting users' browser history, Objective-See owner Patrick Wardle decided to figure out what exactly the suspicious doc is up to.
Wardle detailed his findings in a blog post today. The long and short of it is that even though Adware Doctor is an effective ad-blocker, it also collects browser history from Safari, Chrome and Firefox, which it then bundles up and sends to someone in China. Wardle said the actual exfiltration is currently disabled, but the version of Adware Doctor available in the Mac App Store will still collect this information and get ready to send it as soon as it can.
It's bad enough that a tool people use to protect their privacy has been secretly compromising it. But the problem is made worse by the fact that Adware Doctor is available via the Mac App Store, the entire point of which is to offer macOS users a trusted place to find software that's been vetted by Apple (and, of course, to centralize the distribution of desktop software using the mobile app model so Apple gets a 30 percent cut of these programs' revenues).
Worse still is the fact that Adware Doctor remains available even though Wardle said he notified Apple of its clear violations of Mac App Store policies a month ago. Apple didn't catch Adware Doctor's problems before releasing the app in the Mac App Store, failed to respond after numerous people complained about the app and has yet to remove it.
Apple even inadvertently markets Adware Doctor on its website. The page for the Mac App Store (opens in new tab) includes lists of the most popular apps in the marketplace, and there Adware Doctor sits, right in the number fourth spot. It's possible the page is automatically generated, but it still helps this dubious utility get even more attention from curious macOS users.
Anyone using Adware Doctor should immediately delete the app. There are plenty of alternatives that offer similar features, so even if the developer explains why the app secretly collected and shared this data, you shouldn't miss it. But the same can't be said of the Mac App Store. Apple wants its marketplace to be the primary (or even only) place where its customers find new, safe apps, yet its ability to deliver on its promises is now in serious doubt.
And here we thought an apple a day would keep the doctor away.