A suspicious adblocker puts iOS users’ privacy at risk

Shortly after Apple decided to ban legit systemwide ad blockers from the App Store, we at AdGuard stumbled upon an app called AdblockPrime, claiming to provide systemwide ad blocking for free.

The app is advertised via Google AdSense, which means that money has been invested in its promotion. How is a free app supposed to pay off?

We decided to take a closer look.

[Image: an ad of AdblockPrime]

The website "adblockprime(dot)co" does not offer an app at all; it works directly from the Safari browser. It installs a Mobile Device Management (MDM) profile on the iPhone or iPad, which allows its operator to:

read the full list of apps present on the device (which regular iOS apps are forbidden to do)

read the browser's history and sell the data

install third-party apps and profit from doing so

[Technical note] MDM is the administrative layer for mobile devices (smartphones, tablets, and laptops). It covers deployment, security, monitoring, and management of devices in the workplace. Because an MDM profile grants administrative rights over the device, it is a natural target for social engineering: whoever persuades a user to install a profile on a personal device gains those rights for themselves.

A closer examination of the MDM profile reveals that it unlocks significant privileges, letting the ‘software’ intercept even encrypted traffic and install third-party apps. We were alarmed by such brazenness.
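The privileges listed above (app inventory, app installation, traffic interception) are visible in the profile itself before it is ever installed: an MDM enrollment payload carries an AccessRights bitmask, and traffic interception needs a root certificate, global proxy or VPN payload alongside it. The following audit script is an added example for this post, not AdGuard's code and not the AdblockPrime profile; it parses an unsigned .mobileconfig with Python's plistlib and flags those payloads. The PayloadType identifiers and the AccessRights bit values are Apple's documented ones; the sample profiles, the example.invalid hosts and the placeholder certificate bytes are constructed here to mirror the capabilities the post describes.

```python
"""Audit an iOS configuration profile (.mobileconfig) before installing it.

Added example for this post; not AdGuard's code and not the AdblockPrime
profile. The two sample profiles below are constructed for illustration.
"""
import plistlib

# PayloadType identifiers are Apple's documented values; the risk notes are ours.
HIGH_RISK_PAYLOADS = {
    "com.apple.mdm": "MDM enrollment: hands remote administrative control to the server operator",
    "com.apple.security.root": "trusted root CA: lets the issuer intercept HTTPS traffic",
    "com.apple.proxy.http.global": "global HTTP proxy: routes all web traffic through a third party",
    "com.apple.vpn.managed": "managed VPN: routes all device traffic through a third party",
    "com.apple.webcontent-filter": "web content filter: can observe every URL loaded",
}

# AccessRights bitmask as documented in Apple's MDM protocol reference.
MDM_ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "lock device and remove passcode",
    8: "erase device",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "list installed applications",
    512: "query restrictions",
    1024: "query security settings",
    2048: "change settings",
    4096: "install and remove applications",
}


def audit_profile(data: bytes) -> dict:
    """Return the high-risk payloads and MDM rights found in an unsigned profile.

    Signed profiles are CMS-wrapped; unwrap them first (for example with
    `openssl smime -verify -noverify -inform der -in profile.mobileconfig`)
    so that plistlib sees the plain plist.
    """
    profile = plistlib.loads(data)
    report = {"high_risk": [], "mdm_rights": []}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in HIGH_RISK_PAYLOADS:
            report["high_risk"].append((ptype, HIGH_RISK_PAYLOADS[ptype]))
        if ptype == "com.apple.mdm":
            rights = int(payload.get("AccessRights", 0))
            report["mdm_rights"] = [
                desc for bit, desc in MDM_ACCESS_RIGHTS.items() if rights & bit
            ]
    return report


def is_safe_to_install(data: bytes) -> bool:
    """A consumer 'ad blocker' has no legitimate need for any of these payloads."""
    report = audit_profile(data)
    return not report["high_risk"] and not report["mdm_rights"]


# Constructed sample: what a profile with the capabilities described in the post
# looks like. Hosts use the reserved .invalid TLD; the certificate bytes are fake.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.constructed.adblocker",
    "PayloadUUID": "11111111-1111-1111-1111-111111111111",
    "PayloadDisplayName": "Free Ad Blocker (constructed sample)",
    "PayloadContent": [
        {
            "PayloadType": "com.apple.mdm",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.constructed.adblocker.mdm",
            "PayloadUUID": "22222222-2222-2222-2222-222222222222",
            "ServerURL": "https://mdm.example.invalid/",  # placeholder host
            "Topic": "com.apple.mgmt.External.placeholder",  # placeholder push topic
            "AccessRights": 2 | 256 | 4096,  # profiles, app list, app install
        },
        {
            "PayloadType": "com.apple.security.root",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.constructed.adblocker.ca",
            "PayloadUUID": "33333333-3333-3333-3333-333333333333",
            "PayloadContent": b"CONSTRUCTED-DER-CERTIFICATE-BYTES",
        },
        {
            "PayloadType": "com.apple.proxy.http.global",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.constructed.adblocker.proxy",
            "PayloadUUID": "44444444-4444-4444-4444-444444444444",
            "ProxyType": "Manual",
            "ProxyServer": "proxy.example.invalid",
            "ProxyServerPort": 8080,
        },
    ],
})

# Constructed benign profile for contrast: a single managed Wi-Fi payload.
BENIGN_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.constructed.wifi",
    "PayloadUUID": "55555555-5555-5555-5555-555555555555",
    "PayloadContent": [
        {
            "PayloadType": "com.apple.wifi.managed",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.constructed.wifi.ssid",
            "PayloadUUID": "66666666-6666-6666-6666-666666666666",
            "SSID_STR": "OfficeWiFi",
        },
    ],
})

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_PROFILE), ("benign", BENIGN_PROFILE)):
        print(name, audit_profile(blob), "safe:", is_safe_to_install(blob))
```

On a real download, read the .mobileconfig as bytes and pass it to `audit_profile`; any MDM payload, root certificate, global proxy or VPN payload in a profile offered by a free "ad blocker" website is reason enough to decline the installation prompt.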

Right after installation, AdblockPrime (a name suspiciously close to AdBlock Plus) collected tons of statistics without informing the user. Its Privacy Policy hints at the variety of information collected by the service (for example, browser history, apps list, etc.). The website's owner is hidden behind DomainsByProxy, but the Terms & Privacy Policy point to Big Star Labs, a newly established Delaware company that is only 2 months old and has no connections with the security and privacy software industry.

To sum up, this ad-blocker vendor is exploiting Apple iOS users' privacy and collecting a lot of sensitive information. Users should be more attentive about what they find on the Internet, especially websites or apps that provide no verifiable information and have no official page on the Apple App Store.

Apple’s customers generally feel secure enough within Apple’s ecosystem (including Safari and the App Store) that they never expect to be hacked by intruders. By exploiting MDM in this way, the owner of the website with the ‘ad blocker’ can potentially intercept the user’s traffic (including traffic protected by HTTPS) and install third-party apps on the user’s device. Do you want your iPhone or iPad to become someone’s app farm? Such use decreases the device’s battery life, performance, and storage capacity, and can even help steal private data and financial information.