Over the weekend, Apple revealed that malware found its way into the App Store on a mass scale after several of China’s most popular apps were infected with code that could snoop on iOS devices and steal passwords. The breach is bad news for Apple, which uses its security as a major selling point and has stiff competition in the lucrative Chinese market.
The big question right now is who is responsible for the leak, and whether there is a strong likelihood it will happen again. According to the Wall Street Journal, Apple claims the hack happened as a result of developers using an unofficial, compromised version of Xcode, the developer kit used to create apps for Apple products. Meanwhile, Chinese Internet giant Tencent issued a report of its own that said the infected Xcode kit was being circulated on several web forums for the better part of six months. About 350 apps were infected by the compromised version, including messaging service WeChat and the ride-hailing app created by Didi Kuaidi, the Uber competitor that recently teamed up with Lyft. Apple has since taken down the apps in question.
The Wall Street Journal reports that someone who goes by XcodeGhost-Author claimed to be the author of the compromised Xcode kit and posted an apology on microblogging site Weibo. The person wrote that the infected code was designed to push unauthorized ads onto iPhones and iPads, but that it was never used for that purpose. The malware, the user said, was only gathering basic data. But Chinese officials argue it was an orchestrated effort, given that the Xcode was distributed for half a year under various pseudonyms.
This incident undercuts Apple’s reputation, particularly in regards to operating in China. In comparison to the U.S., China’s app market is something of a free-for-all, with scores of widely used Android app stores. Apple has proclaimed that its own App Store is a safe alternative for users who don’t want to be snooped on–but it appears the company may not be able to guarantee that anymore.
[via Wall Street Journal]