Apple taking steps to prevent another large-scale App Store breach

23 Sep 2015 | Author: | No comments yet »

Apple is refunding all purchases of ad-blocking app Peace.

BEIJING/BOSTON: A senior Apple Inc executive said the company would make it easier for Chinese app developers to download its tools for building mobile apps in a bid to prevent further attacks on its App Store.In an FAQ posted in Chinese and in English on its Chinese website, Apple outlined the steps it is taking with users and developers to both fix the infected apps and keep affected users informed. “Customers will be receiving more information letting them know if they’ve downloaded an app/apps that could have been compromised,” the company wrote, though it did not specify when or how users would be notified.

Apple is refunding all purchases of Peace, the popular ad-blocking app that was pulled from the App Store last week after its creator changed his mind. In the wake of the first major breach on its outlet for distributing iPhone and iPad software, Apple marketing chief Phil Schiller told Chinese news site Sina.com that it will offer domestic downloads within China of its software for developing apps. Palo Alto Networks, the company that discovered the issue, identified 39 apps, though other reports suggested the number of affected apps could be much higher.

For its part, Apple said it would publish a list of the 25 most popular apps that featured the malware, though it stopped short of revealing how many total apps were infected. The list of apps apps identified by security researchers include some of the most popular offerings in China, including WeChat, Angry Birds 2 and Didi Chuxing, a Chinese ride-hailing service. It added they could also read and alter information in compromised devices’ clipboards, which would potentially allow them to see logins copied to and from password management tools.

Schiller also said that Apple plans to list 25 tainted apps that the company has identified so that customers can delete and update them, according to the Chinese-language site. Infected applications includes Tencent’s hugely popular WeChat app, NetEase’s music downloading app and Didi Kuaidi’s Uber-like car hailing app. The company announced that it was moving to clean up its App Store, after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds, possible thousands, of legitimate apps.

On its official WeChat blog, Tencent said the security issue affected an older version of its app – WeChat 6.2.5 – and that newer versions were not affected. Researchers said infected apps included Tencent Holdings Ltd’s popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc. The Apple App Store is generally considered a safe haven as the barrier to entry is high – there’s only been a handful of instances of malware found on iOS apps, compared to Google’s Play store which for a while was regarded as something of a “Wild West” for apps (until they introduced their own malware-scanning system too).

The company published a lengthy note to developers Tuesday, saying that they should always download Xcode from the Mac App Store or their developer website. Firstly developers, who security researchers say were duped into using counterfeit software to build their apps, creating the right conditions for the malware to be applied.

Here you can write a commentary on the recording "Apple taking steps to prevent another large-scale App Store breach".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site