A suspicious adblocker puts iOS users’ privacy at risk

Shortly after Apple decided to ban legit systemwide ad blockers from the App Store, we at AdGuard stumbled upon an app called AdblockPrime, claiming to provide systemwide ad blocking for free.

The app is advertised via Google AdSense, which means that money has been invested in its promotion. How is a free app supposed to pay off?

We decided to take a closer look.

[Image: an ad for AdblockPrime]

The website "adblockprime(dot)co" did not offer an app; it worked directly from the Safari browser. It installed a Mobile Device Management (MDM) profile on the iPhone or iPad, which allowed it to:

  • explore the full list of apps present on the device (which is forbidden for regular iOS apps)
  • explore a browser’s history and sell the data
  • install third-party apps and thereby profit from it.

[Technical note] MDM is the administration of mobile devices (smartphones, tablets, and laptops). It covers everything from deployment and security to monitoring and management of mobile devices in the workplace. That makes it open to abuse through social engineering as a way into users’ personal devices, giving someone else administrative rights.

A closer examination of the MDM profile reveals that it unlocks significant privileges, letting the ‘software’ intercept even encrypted traffic or install third-party apps. We were alarmed at such brazenness.
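One way to run this kind of examination on a downloaded profile before installing it is sketched below; this is an added example, not AdGuard's tooling and not the AdblockPrime profile. It assumes an unsigned `.mobileconfig` (a signed one must be unwrapped from its CMS envelope first), uses the `AccessRights` bit values from Apple's MDM payload documentation, and runs on a constructed sample with a placeholder server URL.

```python
import plistlib

# AccessRights bit flags as listed in Apple's MDM payload documentation.
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    32: "query network information",
    64: "inspect provisioning profiles",
    128: "install/remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "app management (install/remove apps)",
}
# Payload types that add a trust anchor or reroute traffic.
RISKY_TYPES = {
    "com.apple.security.root": "adds a root CA (can enable HTTPS interception)",
    "com.apple.vpn.managed": "routes traffic through a VPN",
    "com.apple.proxy.http.global": "sends traffic through a global HTTP proxy",
}

def audit_profile(data: bytes) -> list[str]:
    """Return human-readable findings for an unsigned .mobileconfig plist."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype == "com.apple.mdm":
            findings.append(f"MDM enrollment to {payload.get('ServerURL', '?')}")
            rights = payload.get("AccessRights", 0)
            findings += [f"MDM right: {name}"
                         for bit, name in ACCESS_RIGHTS.items() if rights & bit]
        elif ptype in RISKY_TYPES:
            findings.append(f"{ptype}: {RISKY_TYPES[ptype]}")
    return findings

# Constructed sample profile; every value here is a placeholder.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.mdm", "AccessRights": 256 | 4096,
         "ServerURL": "https://mdm.example.invalid/server"},
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"placeholder"},
    ],
})

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE)))
```
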

Right after the installation, AdblockPrime (a name too similar to AdBlock Plus) collected tons of statistics without informing the user. Its Privacy Policy hints at the variety of information collected by this service (for example, browser history, apps list, etc.). The website’s owner is hidden by DomainsByProxy, but the Terms & Privacy Policy point to Big Star Labs, a newly established Delaware company which is only 2 months old, and has no connections with the security and privacy software industry.

To sum up, this ad-blocker vendor is exploiting Apple iOS users’ privacy, collecting a lot of sensitive information. Users should be more attentive about what they find on the Internet, and especially about such websites or apps, which have no valid information or even an official page on the Apple AppStore.

Apple’s customers generally feel secure enough within Apple’s ecosystem (including Safari and the AppStore), so they never expect to be hacked by intruders. Exploiting the MDM in this way, the owner of the website with the ‘ad blocker’ can potentially intercept the user’s traffic (including protected traffic via HTTPS) and install third-party apps on the user’s device as well. Do you want your iPhone or iPad to become someone’s app farm? It decreases the device’s battery lifetime, performance, and storage capacity, and even helps steal private data and financial information.

Ludmila Kudryavtseva | Industry News, AdGuard Research
September 25, 2017