'Now, an anti-malware or anti-adware tool is going to need legitimate access to user's files and directories—for example, to scan them for malicious code,' Wardle explains.

According to the technical process outlined in Wardle's post, Adware Doctor escapes Apple's app sandbox and calls processes tied to popular web browsers, including Safari, Chrome and Firefox. It then compresses the history data into a ZIP archive, which is uploaded to the server for exfiltration via a call to the sendPostRequestWithSuffix method.

'However, once the user has clicked Allow since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file, it so chooses!'
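
The sequence described above (an app reading other browsers' history stores, writing a ZIP archive, then contacting a server) can be hunted for in endpoint telemetry. The following is an added example, not code from the article or from Wardle's analysis. The event tuple format, process names, hosts and time window are constructed assumptions; the paths are the standard macOS history locations for the three browsers.

```python
import fnmatch

# Standard macOS history stores, keyed by the process that legitimately owns them
# (process names are assumed for this example).
HISTORY_STORES = {
    "Safari": "*/Library/Safari/History.db",
    "Google Chrome": "*/Library/Application Support/Google/Chrome/*/History",
    "firefox": "*/Library/Application Support/Firefox/Profiles/*/places.sqlite",
}
WINDOW = 300  # assumed threshold: seconds from first history read to upload

# Constructed sample telemetry: (epoch seconds, process, action, target)
EVENTS = [
    (1000, "Safari", "read", "/Users/alice/Library/Safari/History.db"),
    (1010, "ExampleCleaner", "read", "/Users/alice/Library/Safari/History.db"),
    (1012, "ExampleCleaner", "read", "/Users/alice/Library/Application Support/Google/Chrome/Default/History"),
    (1013, "ExampleCleaner", "read", "/Users/alice/Library/Application Support/Firefox/Profiles/ab12.default/places.sqlite"),
    (1020, "ExampleCleaner", "write", "/Users/alice/Library/Containers/example/history.zip"),
    (1025, "ExampleCleaner", "connect", "upload.example.invalid:443"),
    (1030, "BackupTool", "write", "/Users/alice/backup.zip"),
    (1031, "BackupTool", "connect", "backup.example.invalid:443"),
]

def owner_of(path):
    """Return the browser whose history store matches path, or None."""
    for browser, pattern in HISTORY_STORES.items():
        if fnmatch.fnmatch(path, pattern):
            return browser
    return None

def find_history_exfil(events, window=WINDOW):
    """Flag processes that read another app's history, write a ZIP, then connect out."""
    state, alerts = {}, []
    for ts, proc, action, target in sorted(events):
        s = state.setdefault(proc, {"first": ts, "browsers": set(), "zipped": False})
        owner = owner_of(target) if action == "read" else None
        if owner and owner != proc:
            if not s["browsers"]:
                s["first"] = ts  # sequence starts at the first foreign history read
            s["browsers"].add(owner)
        elif action == "write" and target.lower().endswith(".zip") and s["browsers"]:
            s["zipped"] = True
        elif action == "connect" and s["zipped"]:
            if ts - s["first"] <= window:
                alerts.append((proc, sorted(s["browsers"]), target))
            del state[proc]  # reset so each sequence alerts once
    return alerts

if __name__ == "__main__":
    print(find_history_exfil(EVENTS))
```

A browser reading its own store and a tool that archives and uploads without touching history are both ignored; only the full read, archive, connect chain raises an alert.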