Apple is taking steps to avoid a repeat of this week’s serious XcodeGhost incident — in which hundreds of App Store apps were discovered to include malware in the form of a counterfeit version of Xcode, the platform used by developers to build their apps.
The dodgy Xcode spread in China because it was quicker for developers to download it than it was for them to source the official Xcode from Apple’s servers.
“In the U.S. it only needs 25 minutes to download,” Phil Schiller told Chinese publication Sina. In China, however, he says that it “may take three times as long” for developers to get Xcode due to slower Internet speeds. To get around the problem, Apple will soon be providing an official version of Xcode for developers to download domestically inside China.
Schiller says that Apple will reveal a list of the 25 apps it knows have been infected by XcodeGhost, although stressed that the malware has not yet been shown to steal any information from users.
In the meantime, Apple has provided guidelines so that developers can make sure they’re not using a counterfeit version of Xcode in their apps. If you’re a dev, you can follow the instructions here to put yourself at ease.
Users can also check this list of what are believed to be all the affected apps so that you can delete them.
Source: Sina
Via: Cnet