Following the recent malware scandal to befall Apple’s App Store, many questions have been raised as to why and how this was allowed to happen, especially when considering how mediocre XcodeGhost is as a malware program. As it happens, as with most of our modern blunders, the answer lies in politics.
Unfortunately no amount of digging for answers will undo the damage done to Apple’s credibility, but doing so may help us better understand how to prevent such attacks in the future, and why iOS users were so lucky this time.
A recap on the incident
Before we go any further, it is useful to refresh your memory on the incident from earlier this week.
On Sunday, 20 September 2015, Apple announced that malicious code had found its way into a couple dozen applications available in the App Store – the first successful major attack on the Apple marketplace, according to this report.
The counterfeit copy of Xcode, known as XcodeGhost, hid malicious code in any app built with the tool, without the app developers’ knowledge. The bad apps originated in China, where XcodeGhost had been downloaded by developers from untrusted sources.
Apple said on Monday it had found and removed a couple dozen applications affected by the counterfeit version of Apple’s development software, Xcode.
Here is a list of the known affected apps:
- DiDi Taxi
- 58 Classified – Job, Used Cars, Rent
- Gaode Map – Driving and Public Transportation
- Railroad 12306
- China Unicom Customer Service (Official Version)*
- CarrotFantasy 2: Daily Battle*
- Miraculous Warmth
- Call Me MT 2 – Multi-server version
- Angry Birds 2 – Yifeng Li’s Favorite*
- Baidu Music – Music Player with Downloads, Ringtones, Music Videos, Radio & Karaoke
- DuoDuo Ringtone
- NetEase Music – An Essential for Radio and Song Download
- Foreign Harbor – The Hottest Platform for Oversea Shopping*
- Battle of Freedom (The MOBA mobile game)
- One Piece – Embark (Officially Authorized)*
- Let’s Cook – Recipes
- Heroes of Order & Chaos – Multiplayer Online Game*
- Dark Dawn – Under the Icing City (the first mobile game sponsored by Fan BingBing)*
- I Like Being With You*
- Himalaya FM (Audio Book Community)
- Flush HD
- Encounter – Local Chatting Tool
The how and why
With the above in mind, you may be asking ‘well, why on Earth would Chinese developers not just download Xcode from Apple’s servers?’
If only it were so simple. A free press and an anti-censorship culture exist in a couple hundred countries all told; China is not amongst them. The Chinese government has introduced harsh restrictions on data flowing into the country. Known as ‘the Great Firewall of China’, the restrictions in place prevent citizens from accessing thousands of commonly used sites, even going so far as to block virtual private networks (VPNs) and encrypted sessions.
This has led to Chinese academics and scientists having to put up with out-of-date research material, and to fears of eventual mass expatriation as a result.
Compound the lack of access to the latest information and software with the prolific piracy present in the PRC (in part due to unenforced penalties and almost no criminal legislation in China), and you begin to see why it is so hard for Chinese devs to simply download the official Xcode.
It is because of the difficult situation created by the local government that Chinese devs regularly download software from unofficial sources, disabling their system’s security warnings in the process. Some simply have no other good choice, as Apple explains in this FAQ.
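Apple’s FAQ points developers at the Gatekeeper assessment of their installed Xcode (`spctl --assess --verbose /Applications/Xcode.app`) to tell a genuine copy from one fetched from an unofficial mirror. The script below is an added example, not code from the article or from Apple: it wraps that check and classifies the result, assuming spctl prints a verdict line (`accepted`/`rejected`) followed by a `source=` line, as on typical macOS releases.

```shell
#!/bin/sh
# Classify the output of `spctl --assess --verbose <app>`.
# Prints one of: genuine, rejected, untrusted-source.
# Exit status: 0 genuine, 1 rejected, 2 accepted but not signed by Apple.
gatekeeper_verdict() {
    # $1: full text printed by spctl (verdict line, then a source= line).
    # Flatten newlines so the match works whether the tool prints one line or two;
    # the trailing space lets the source patterns match only at end of word.
    flat="$(printf '%s' "$1" | tr '\n' ' ') "
    case "$flat" in
        *": accepted "*) : ;;                     # Gatekeeper accepted the signature
        *) echo "rejected"; return 1 ;;           # rejected, unsigned, or unparseable
    esac
    # Only these sources mean the bundle was signed and distributed by Apple.
    # A Developer ID or ad-hoc signature means someone else rebuilt it.
    case "$flat" in
        *"source=Mac App Store "*|*"source=Apple "*|*"source=Apple System "*)
            echo "genuine"; return 0 ;;
        *)  echo "untrusted-source"; return 2 ;;
    esac
}

# Run the assessment on a bundle path (macOS only; spctl does not exist elsewhere).
check_xcode() {
    out="$(spctl --assess --verbose "$1" 2>&1)" || true   # spctl exits non-zero on reject
    gatekeeper_verdict "$out"
}
```

Run `check_xcode /Applications/Xcode.app` on the developer machine; anything other than `genuine` means the toolchain should be deleted and re-downloaded from the Mac App Store or developer.apple.com.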
The end result
Because of the current situation in China, developers have inadvertently flooded the App Store with dozens, maybe even hundreds, of malicious apps. Thankfully the XcodeGhost malware poses relatively little threat. Due to Apple’s security measures on app-to-app interactions, it has been unable to extract personal data from phones and other Apple devices. However, it is capable of triggering fake alerts on iPhones to convince Apple users to give up their account information.
This has been dubbed by other news outlets as a “public black eye for Apple”. Furious shareholders and uneasy customers are sure to hurt even the most prestigious of businesses. This is made no better by the fact that, because the attack is woven into the app code itself, users have no way to separate the good apps from the infected ones. We will all just have to hope Apple finds and removes any other infected apps and steps up security in the future.
The intrusion has exposed “potentially hundreds of millions” of users to the malicious code and caused quite the uproar. With the growing concern that a company so large and renowned could fall prey to this, the pressure is on Apple to respond, and to negotiate with the Chinese government for easier access to Xcode for developers in the region.