Does Apple need to double up on its security measures for new apps? Photo: PhotoAtelier/Flickr
A security firm claims to have discovered 256 apps that illicitly gather user email addresses, lists of installed apps, serial numbers and other identifying information.
Apple may be obsessed with user privacy, but these apps — which violate App Store policy and have been downloaded by an estimated 1 million people — somehow got by Cupertino’s gatekeepers.
Apple will provide Chinese users with a local official version of Xcode to download. Photo: Johan Larrson/Flickr
Apple is taking steps to avoid a repeat of this week’s serious XcodeGhost incident — in which hundreds of App Store apps were discovered to include malware in the form of a counterfeit version of Xcode, the platform used by developers to build their apps.
Double-check that you're using the right version of Xcode to build apps. Photo: Johan Larrson/Flickr
Developers who have downloaded Xcode from a non-Apple source now have a way to tell if the version they're using is an official Apple version, or if it might be infected by XcodeGhost, which wreaked havoc on the App Store on Sunday.
Apple has outlined how to verify if you’re using a counterfeit version of Xcode in a new support document. Developers should always download Xcode directly from the Mac App Store or Developer Website, but if you haven’t, follow these steps to make sure your copy is legit:
Steve Jobs' old mantra about "It's better to be a pirate than join the navy" probably wasn't on Apple's application form. Photo: George Hodan/Public Domain Pictures
If you’re as confused as we were when we first heard about the major App Store hack over the weekend, we’re here to help.
Here’s a compilation of everything we know about the XcodeGhost story, and we’ll be updating it as more develops.
The App Store just experienced its worst security breach ever. Photo: Apple
The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.
The malicious code made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.
Apple has pulled infected apps off the store to stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the infected apps are used mainly in China; however, some big-name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.
Malicious code is causing Apple to remove hundreds of apps from the App Store. Photo: Apple
Apple is removing hundreds of apps from the App Store after discovering that they contain a malicious program called XcodeGhost.
In the entire lifespan of the App Store, Apple has only previously found five malicious apps — making this easily the single biggest security lapse in App Store history.