Sowas als Benutzer oder auch Entwickler an Apple mitzuteilen ist sowieso fast unmöglich. Die werden auch beim nächsten Update höchsten zufällig drauf stoßen..

Also wurde rausgenommen mittlerweile laut Statement von Apple. Mich würde mal interessieren, ob die App per Remote gelöscht wird, der User kriegt das ja nicht immer mit, dass da was gesendet wird (ja, kann Apple

ob die App per Remote gelöscht wird, der User kriegt das ja nicht immer mit, dass da was gesendet wird (ja, kann Apple

gerade dieser mackeeper ist mir schon seit mindestens 5 jahren ein heftiger dorn im auge, dass das ding sogar noch im app store gelandet ist schockiert mich zutiefst, denn das hätte ich apple tatsächlich niemals zugetraut. den leuten muss wohl deutlich klar gemacht werden, das es weder auf macos noch windows eine notwendigkeit für diese drecks-malware-derivate gibt...............

...............Finger weg von MacKeeper und Co.!!

The normal modus operandi of Apple is to pull that one app and let the same author submit another fraud/malicious app. We know and have seen this with syssecinfo

It's the same developer as the "Komros Anti Malware & Adware" MAS app, only using a different name. Uses the same URLs to send the user data to. Both apparently steal browser history, google search history, MAS search history.

Welcome to the club of the „knowing ones“. Every security feature of iOS was designed to protect Apple‘s revenue stream. Increased user data security was the lucky result.
Q:

Use AppStore they said. You are protected they said. No malware they said. Give us 30% they meant.
Q:

Great article @thomasareed . Trend was acting dirty also but Apple seems to not care ( 30% cut is what they really care

[…]

What does all this mean?

It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be. I’ve been saying this for several years now, as we’ve been detecting junk software in the App Store for almost as long as I’ve been at Malwarebytes. This is not new information, but these issues reveal a depth to the problem that most people are unaware of.

We’ve reported software like this to Apple for years, via a variety of channels, and there is rarely any immediate effect. In some cases, we’ve seen offending apps removed quickly, although sometimes those same apps have come back quickly (as was the case with Adware Doctor). In other cases, it has taken as long as six months for a reported app to be removed.

In many cases, apps that we have reported are still in the store. Case in point…all of the above.

I strongly encourage you to treat the App Store just like you would any other download location: as potentially dangerous. Be cautious of what you download. A free app from the App Store may seem perfectly innocent and harmless, but if you have to give that app access to any of your data as part of its expected functionality, you can’t know how it will use that data. Worse, even if you don’t give it access, it may find a loophole and get access to sensitive data anyway.

If you download one of these apps and are now regretting it, you can report the app to Apple:

https://reportaproblem.apple.com

Apple states:
"The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store."

However, it's questionable whether these statements actually hold true, as one of the top grossing applications in the Mac App Store surreptitiously exfiltrates highly sensitive user information to a (Chinese?) developer. Though Apple was contacted a month ago, and promised to investigate, the application remains available in Mac App Store even today.

[…]

A Closer Look

Let's now tear apart the application to answer questions such as:

■ How does it 'bypass' the constraints of the Mac App Sandbox to access user's files?
■ How does it actually collect the user's browser history from all popular browsers?
■ What other system information and personally identifiable information (PII) is it collecting?

From a security and privacy point of view, one of the main benefits of installing applications from the official Mac App Store is that such applications are sandboxed. (The other benefit is that Apple supposedly vets all submitted applications - but as we've clearly shown here, they (sometimes?) do a miserable job.)

[…]

Ramifications

From a purely technical point of view, Adware Doctor is only mildly interesting, though it does make a good case-study and 'walk thru' of reversing a macOS application. However, there are clearly bigger issues at play!

First, there is rather a MASSIVE privacy issue here. Let's face it, your browsing history provides a glimpse into almost every aspect of your life. And people have even been convicted of murder based largely on their internet searches!

Second, let's have a brief chat about the Mac App Store and Apple's role (or lack there of) in all of this.

Apple states:
"The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it's accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store."

While there is no doubt that downloading apps from the Mac App Store is, generally speaking, far safer than from some random website on the internet, the other claims in this statement perhaps lack some truthiness - at least in the case of Adware Doctor

As noted Adware Doctor has a long history of questionable behavior, and now acts in a manner that clearly violates Apple's App Store stringent rules and policies...in many ways! For example in the "Data Collection and Storage" section of the "App Store Rules & Guidelines" it states that:

■ Apps that collect user or usage data must secure user consent for the collection.
■ Apps must respect the user’s permission settings and not attempt to... trick, or force people to consent to unnecessary data access.
■ Developers that use their apps to surreptitiously discover ...private data, will be removed from the Developer Program.

At no point does Adware Doctor ask to exfiltrate your browser history. And its access to this very private data is clearly based on deceiving the user.

Beyond its mistreatment and blatant disrespect of user data, the fact that Adware Doctor "dances around" the Mac App Sandbox seems to clearly be another violation as well. For example, that fact that Apple blocks the invocation of ps illustrates the fact that sandboxed applications should not be enumerating running processes from within the sandbox. If an application developer finds away around this, this is still a violation.

If Apple is really "review[ing] each app before it's accepted by the store" ... how were these grave (and obvious) violations of this application missed!? Who knows, and maybe this one just slipped though. Maybe we should give them the benefit of the doubt, as yes we all make mistakes!

But this bring us to the next point. Apple also claims that "if there's ever a problem with an app, Apple can quickly remove it from the store". Maybe the key word here is "can".

A full month ago, we reported our findings to Apple, which they acknowledged, and promised to investigate:

[…]

...since then, crickets! Which of course is incredible frustrating.

How can Apple, who boldly state that "Privacy to us is a human right...a civil liberty" not take action?

Conclusion

In this blog post, we tore apart Adware Doctor - one of the top grossing apps in the official Mac App Store. This research (original credit: @privacyis1st) uncovered blatant violations of users' privacy and complete disregard of Apple's App Store Guidelines.

And surprising, though this was reported to Cupertino through official channels a month ago, the app remains in the Mac App Store even today!

It's tempting to wonder if Apple's 30% cut of each sale of this massively popular app has lead to such egregious inaction. And does it not seem that their laudable statements on supporting user privacy, are sadly only words?

]The good news is, Apple can decisively act restoring our faith in both the Mac App Store, but more importantly in their commitment to all us users. How? Easy! By pulling the app and refunding all affected users. As though we'll never get our browser history back, recovering our hard-earned money would be a start! Your move Apple ♡[/b]

Ganz ehrlich? Erwartet man von einer App eines kleinen Entwicklers/Unternehmens wirklich, dass diese seriös ist? Mit den paar Kröten, die das Dingen kostet, kann der Entwickler kein Geld machen und greift zu anderen, unseriösen Mitteln.

@sierkb

Ein Link zu dem jeweiligen Artikel, würde doch auch völlig ausreichen.

@sierkb

Ein Link zu dem jeweiligen Artikel, würde doch auch völlig ausreichen.