One of the strengths of Apple’s iOS App Store is a very strict submission process. We have been hearing over the years about developers saying how their apps were rejected for something very small and even irrelevant, even though every developer gets a detailed report during this process. This is why it was surprising to learn that malicious apps found their way into the App Store.
Apple has officially admitted that that App Store’s integrity was compromised due to malicious apps that were infected by unauthorized Xcode tools before being submitted to the App Store. The company is currently removing infected apps from the Store.
Apple provided the following statement to Reuters:
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokesperson Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Even though we don’t know for sure how these apps found their way to the App Store, one theory is that Apple’s servers are slow to download from in China, so developers used an alternative mirror for Xcode tools.
Chinese security firm Qihoo360 Technology said on its blog that over 350 apps are tainted with infected code. One of those apps is WeChat, one of the most popular messaging apps in China.
Apple declined to say how many apps might be infected.