Apple is undergoing a clean-up of its iOS App Store following the biggest malware attack in its history.
It’s long been asserted that Apple is the safest choice for smartphone owners, with the company heavily regimenting the apps allowed to be put on sale and shunning Google’s open source approach to programming. It has worked well, with only five malicious apps having been discovered in the App Store since it first opened.
This all changed, however, with the discovery of XcodeGhost, a malicious code found within hundreds of otherwise legitimate games. Hackers managed this by fooling developers into using their counterfeit version of Apple’s own app-creation software, a tainted version known as Xcode.
Does this pave the way for future attacks?
Despite Apple taking this breach very seriously, it’s thought that any damage caused by these apps would be minimal. In fact, director of threat intelligence Ryan Olson said there had been no discoveries as yet of data theft or any other harm emerging from these apps. Nevertheless, every single one known to contain XcodeGhost has been removed from the App Store until further notice.
The biggest concern is that this attack has shown other – possibly more sophisticated – hackers how to work around the system. Developers who used the tainted software were thought to have been swayed by the faster downloads it offered, with it coming from a Chinese server and not Apple’s own ones in the US.
Apple will now be looking to protect developers from falling for similar ploys by making sure everyone wanting to develop an app for its platforms goes through all the official channels.
The corporation, which is known for its secrecy, has neglected to say how many devices could be affected by the app, or even how iPhone users could check if they are one of those impacted. Instead, Apple spokesperson Christine Monaghan told reuters.com: “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”