The rogue Mac app sent the stolen data to China.
One of the top-selling apps in Apple's Mac App Store was deceiving users and stealing their browser histories to send to China, TechCrunch reports.
The nefarious app, known as Adware Doctor, was the highest grossing paid app in the App Store's "paid utilities" category.
The app advertised itself as a tool to keep a user's Mac safe and block annoying pop-up advertisements, which is why so many users were willing to pay $4.99 for it.
What users did not pay for or consent to was for the Adware Doctor to access and download their browser histories, including any website they've ever searched for, and then send that data to servers in China belonging to the makers of the app.
Cybersecurity researcher Patrick Wardle discovered the app was able to bypass Apple's sandboxing features to upload each user's browser history.
"Its access to this very private data is clearly based on deceiving the user," says Wardle.
Apple has since removed the app from the Mac App Store. According to TechCrunch, however, it took several weeks.
Apple frequently rejects apps based on security and privacy criteria, like in August, when the tech company pulled Facebook's VPN app from the app store for violating its updated privacy policies.