Apple announced on Sunday that approximately 40 apps have been removed from from the App Store because they have been infected with XcodeGhost, a software programmed to obtain valuable information from a user and upload it to several control servers. In other words passwords or other sensitive data that a user types in when using online banking or shopping. It’s not clear yet how these infected apps passed by Apple’s code review. No one from Apple gave a statement explaining how this could have happened and concerned costumers and still waiting an explanation.
The trail leads to China, were a counterfeit version of the Xcode software had been set up for download. Developers downloaded this fake software because the download speed was faster on the Chinese server than on the US one. And thus all the apps they developed came infected with the malware. So far there have been no incidents regarding data theft or any other sort of harm done by this malware.
To me it seems interesting that most of these apps are mainly used in China and some of them rival big western apps. For example Didi Chuxing which is a software similar to Uber. Apple gave a statement to Reuters that they will make sure all developrs are running the correct version of the Xcode.
This is a big blow to Apple’s credibility and showed the world that even a powerful company like Apple is not immune to software infections. This was just one example of how hackers can find and exploit weak points in software security. Hopefully developers and gadget manufacturers learn something from this event and will be more rigorous when it comes to reviewing apps before making them available to users.
Even though the apps are no longer available on the App Store this doesn’t solve the problem for users who already downloaded them. Apple advises all users to erase those apps or upgrade to a newer version that is not afected by the malware. Like WeChat which is only affected in the 6.2.5 version.