iBoostUp

Guides and Recommendations

 

Understanding Detections

By using a combination of state-of-the-art scanning techniques, iBoostUp with Spyware Doctor is able to determine whether even previously unseen apps might exhibit malicious behaviour or be a risk to your privacy.

Detections are categorised in the following way:

DANGEROUS: the app or process contains a known threat, or its code features techniques used exclusively by malicious software. We recommend immediate removal.

WARNING: the app or process may be harmful to your privacy. Please investigate further and make an informed decision as to whether you wish to continue using it. We display warnings for apps that contain things like analytics, attempt to access your mail or saved passwords (keychain), or have the ability to take screenshots or access unique hardware identifiers. This is not a comprehensive list, as we give warnings on many other behaviours that could risk the security and privacy of your Mac.

Regarding keystroke capture: there are legitimate reasons for apps to be able to capture your keystrokes, for example if an app installs a system-wide shortcut. In case of any warnings related to keyboard monitoring, have a think about whether that functionality makes sense for the app in question.

Regarding browser bookmark access: some browsers are able to import your bookmarks from *another* browser. In these cases you might see a warning saying your browser has the ability to access bookmarks, which you now know is not as nonsensical a warning as it first appears!

Any item with a threat name specified contains a known threat. The name is followed by a short description of why it has been categorised as malware.

 

We use the following prefixes when naming threats:

PUP. a Potentially Unwanted Program. These are usually installed under false pretenses or contain misleading functionality.

Trojan. software misrepresenting its actual purpose, for example a “free” game that also installs spyware, or a pirate version of an existing product that also installs a bot.

Adware. displays advertisements and may hijack your browser search results.

Bot. automatically or semi-automatically performs some action. This may be auto-clicking advertisements, attacking other systems or websites, or installing other software.

 

Signatures and Codesigning

Signatures allow you to determine the source of an app and whether it's been tampered with.

Any app you download or have installed should be codesigned, but very old versions of certain software (e.g. Office 2009 or Adobe CS 4) may not be.

Scanning apps that aren't codesigned will always display a warning including the text "Unable to determine provenance." For old apps you can either ignore this warning (assuming nothing else wrong was detected) or find some other way to determine whether the app has been tampered with, because Spyware Doctor was unable to do so automatically.

Sometimes malware or targeted threats will strip the signature from one of your existing installed apps and then make modifications to it.

So a new "Unable to determine provenance" warning on a modern, up-to-date app you had installed earlier is highly suspicious and warrants further investigation.
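The check described above can also be done by hand with macOS's own codesign tool. The following is an added example, not part of iBoostUp or Spyware Doctor: it records each app's signing state and reports apps that were signed in an earlier baseline but are now unsigned or signed by someone else. The app path, team identifier and sample outputs are constructed for illustration.

```python
import subprocess

UNSIGNED_MARKER = "code object is not signed at all"

# Constructed samples in the format `codesign -dv --verbose=2` writes to stderr.
SIGNED_SAMPLE = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
UNSIGNED_SAMPLE = "/Applications/Example.app: code object is not signed at all\n"

def parse_codesign(text):
    """Reduce codesign's description of an app to its signing state."""
    if UNSIGNED_MARKER in text:
        return {"signed": False, "team": None, "authority": None}
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields.setdefault(key, value.strip())  # first Authority= is the leaf cert
    return {"signed": "Identifier" in fields,
            "team": fields.get("TeamIdentifier"),
            "authority": fields.get("Authority")}

def signing_state(app_path):
    """Ask codesign (macOS only) about one app bundle."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=2", app_path],
                          capture_output=True, text=True)
    return parse_codesign(proc.stderr)

def compare(baseline, current):
    """List apps that were signed in the baseline and are now unsigned or re-signed."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None or not old["signed"]:
            continue  # app removed, or never signed (old software)
        if not new["signed"]:
            findings.append((path, "signature removed"))
        elif (old["team"], old["authority"]) != (new["team"], new["authority"]):
            findings.append((path, "signer changed"))
    return findings

if __name__ == "__main__":
    path = "/Applications/Example.app"
    before = {path: parse_codesign(SIGNED_SAMPLE)}
    after = {path: parse_codesign(UNSIGNED_SAMPLE)}
    print(compare(before, after))
```

On a Mac, build the baseline by calling signing_state() on each app while the system is in a known-good state, store it, and compare it against a fresh scan later.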

 

Note: We respect your privacy and only ever send app file metadata to the Spyware Doctor cloud. This data is sent using Transport Layer Security to prevent eavesdropping and tampering, and is processed in an anonymous fashion.



iBoostUp is Easy to Use and available from the Mac App Store.
Requires macOS 10.11+. Sonoma and Apple Silicon are natively supported.

 
