In order to distribute apps in Apple’s App Store, developers need to keep up to date with the latest versions of XCode; however, Apple has historically released new versions of XCode to US customers before those in other countries. This has spurred developers in China, including reputable ones, to obtain the latest versions of XCode from secondary sources. Unfortunately, these developers were recently duped into using malware-laden versions of XCode that injected malware into their apps upon submission to the App Store.
When installed, these compromised apps would attempt to steal personal data, causing a recent alarm for those using the Chinese App Store, and spurring Apple to remove the affected apps. In addition, Apple has released a FAQ on the problem, outlining the cause of it and what it has done to fix the issue. In essence, Apple is making new versions of XCode more available to Chinese developers, and has listed the apps that were created using modified versions of XCode, so users can identify and remove them from their systems.
- DiDi Taxi
- 58 Classified
- Gaode Map
- Railroad 12306
- Flush
- China Unicom Customer Service
- CarrotFantasy 2: Daily Battle
- Miraculous Warmth
- Call Me MT 2
- Angry Birds 2
- Baidu Music
- DuoDuo Ringtone
- NetEase Music
- Foreign Harbor
- Battle of Freedom
- OnePiece
- Let’s Cook
- Heros of Order & Chaos
- Dark Dawn
- I Like Being With You
- Himalaya FM
- CarrotFantasy
- Flush HD
- Encounter
This is not the first time that official Apple software has been hacked and then re-distributed, in the past, versions of Apple’s iWork software suite were distributed on peer-to-peer file sharing networks that contained malware. While this current issue primarily affects Chinese customers, it does outline the need for everyone to ensure you only use apps obtained from official sources. Unfortunately, in this case Apple’s own App Store security failed to catch this type of problem, which resulted in the spread of the malware through its store, so ultimately this does shed light on some of the limits that even well-seasoned companies like Apple may encounter.
Since this is all about the Chinese App Store wouldn’t it have been better to post this article in Mandarin instead of English? I use the U.S. App Store so…
It doesn’t appear to be exclusive to China, though that is where the bulk of duped developers responsible, and the bulk of the products reside.
Well then tell me where I might have found an infected app on the U.S. store? The problem is people assume there’s only one compiled version of an app and that that app makes it way onto every app store around the world. They DON’T. Take for example, the Angry Birds 2 app. The infected version was a Chinese localized version. It did NOT make it to theU.S. App Store.