In the wake of developers downloading a malware-filled copy of your development tools and inadvertently uploading tons of malware-filled apps to the App Store, it helps to put some money into infrastructure and make sure the slow download speeds for the genuine version of the development tools are sufficient, thus removing the need to download the fake version in the first place.
Apple’s Phil Schiller, the company’s senior vice president of worldwide marketing, said on Tuesday that steps are being taken to prevent any such occurrence of the conditions that caused the XcodeGhost issue in the future.
The source of the tainted apps was a program called XcodeGhost, a counterfeit version of Xcode, the platform used by developers to create programs for iOS and Mac. Developers in China often download Xcode from local sites due to the slow download speeds associated with sourcing it officially from Apple’s US servers. The spurious version of Xcode was slipped in amongst the authentic ones on Chinese sites and downloaded by many programmers, unbeknownst to them.
“In the US it only needs 25 minutes to download,” Schiller told Sina, admitting that in China getting Xcode “may take three times as long.” He told the Chinese publication that, to quell this problem, Apple would be providing an official source for developers in the People’s Republic to download Xcode domestically.
He added that the Californian tech giant will soon reveal a list of 25 apps it knows to have been infected. However, Schiller made sure to note that the malware is relatively harmless and that there’s no evidence of it stealing any information from users that have downloaded a tainted app.
It’s been reported that 39 apps were compromised, including ones used for trading stocks and banking. Also among them was WeChat, a messaging app with over 500 million monthly users. Its developer, Tencent, has said that only users of an older version of WeChat could potentially be affected.
The App Store’s security has historically been solid. Palo Alto Networks noted that prior to this attack only five malware-infected apps have been able to make it through the company’s testing. There are over 1.5 million apps in the store.
Stay tuned for additional details as they become available.