Less-than-stringent security procedures at some tech firms in China and a complex developer support program from Apple are being blamed for the first major attack on Apple’s App Store.
Reuters reported hackers targeted the App Store using a counterfeit version of Apple’s Xcode toolkit, which Chinese developers used because it is faster to download.
Reuters quoted Andy Tian, CEO of Asia Innovations, a Chinese app developer, as saying: “I would use the phrase ‘convergence of ignorance and complacency’. Ignorance on the side of Apple, complacency on the side of Chinese companies.”
A malware programme, called XcodeGhost, has infected thousands of Apple apps since the first outbreak in April. Security firm FireEye reported finding 4,000 iOS apps infected by XcodeGhost. Security researchers, however, said today that the affected apps are more like adware than security-invading malware.
Companies affected by the attack in China include Tencent, which runs messaging service WeChat, and Didi Kuaidi, the country’s largest ride-sharing service. Both said they had fixed the breach and that no user data had been compromised, Reuters said. NetEase, China’s largest online gaming company, apologised to users for its negligence in a microblog post.
The incident highlights the drawbacks of China’s ‘Great Firewall’, which limits and slows access to sites outside of China, thus encouraging local developers to download unofficial programmes.
An Apple executive said Tuesday the company would make it easier for Chinese developers to download its tools, but declined to comment on the app approval process or on why developers in China were using an unofficial Xcode, Reuters reported.