‘Great Firewall’ encourages unofficial downloads, spawns XcodeGhost

23 SEP 2015

Less than stringent security procedures at some tech firms in China and a complex developer support program from Apple are being blamed for the first major attack on Apple’s App Store.

Reuters reported hackers targeted the App Store using a counterfeit version of Apple’s Xcode toolkit, which Chinese developers used because it is faster to download.

Reuters quoted Andy Tian, CEO of Asia Innovations, a Chinese app developer, as saying: “I would use the phrase ‘convergence of ignorance and complacency’. Ignorance on the side of Apple, complacency on the side of Chinese companies.”

A malware programme, called XcodeGhost, has infected thousands of Apple apps since the first outbreak in April. Security firm FireEye reported finding 4,000 iOS apps infected by XcodeGhost. Security researchers, however, said today that the affected apps are more like adware than security-invading malware.

Companies affected by the attack in China include Tencent, which runs messaging service WeChat, and Didi Kuaidi, the country’s largest ride-sharing service. Both said they have fixed the breach and no user data had been compromised, Reuters said. NetEase, China’s largest online gaming company, apologised to users for its negligence in a microblog post.

The incident highlights the drawbacks of China’s ‘Great Firewall’, which limits and slows access to sites outside of China, thus encouraging local developers to download unofficial programmes.

An Apple executive said Tuesday it would make it easier for Chinese developers to download its tools, but declined to comment on the app approval process and on why developers in China were using unofficial versions of Xcode, Reuters reported.


Joseph Waring
