Latest in Apple

Image credit:

Malware-ridden apps found in Apple's Chinese App Store

Roberto Baldwin, @strngwys
September 18, 2015
Share
Tweet
Share

Sponsored Links

The iOS App Store is usually a trustworthy source of software. But as hackers tend to do, they found a way to get their nefarious wares into the China version of the software supermarket. By using altered versions of Apple' development tool Xcode they were able to slip malware into apps being built by unaware devs. The problem started when developers downloaded altered versions of Xcode (named "XcodeGhost" Alibab researchers) from third-party sites. When apps built with the modified compiler are launched, they collect the phone's name, UUID, language and country, current time and network type. That data is then encrypted and sent to servers. Not a huge breach, but no one wants to be tracked by unknown sources.

The bigger issue is that these apps made it into Apple's App Store in China. While only a handful of apps have gotten past Apple's strict security, all it takes is one app with an aggressive piece of malware to destroy the trust customers have put in Apple. Fortunately, the apps have only been seen in the App Store in China.

Also, developers shouldn't be downloading their tools from random third-party sites. Just a thought.

Apple has not responded to requests for comment about XcodeGhost and the infected apps.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Space Force official logo and motto unveiled

Space Force official logo and motto unveiled

View
Nreal Light mixed reality glasses launch in Korea with the Galaxy Note 20

Nreal Light mixed reality glasses launch in Korea with the Galaxy Note 20

View
Nintendo 'gigaleak' reveals the classic games that never were

Nintendo 'gigaleak' reveals the classic games that never were

View
California wins injunction against Uber, Lyft classifying drivers as contractors

California wins injunction against Uber, Lyft classifying drivers as contractors

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr