No. 1 paid app on iTunes taken down by developer

22 Sep 2015

Apple App Store suffers ‘worst’ malware attack.

WASHINGTON, United States — Hackers infiltrated the vaunted Apple ecosystem by injecting malicious software into popular Chinese mobile apps, potentially affecting hundreds of millions of users and raising security concerns as the US tech giant prepares its newest iPhone launch.

Just days before its next iPhone goes on sale, Apple has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach. If you bought Marco Arment’s iOS 9 content-blocking app Peace, you’re about to get your three dollars back—even if you haven’t requested a refund. Apple has decided to issue refunds to every person who downloaded the popular ad-blocker Peace that was abruptly pulled from the App Store last week after its creator had a change of heart. Arment says Apple is “proactively refunding all purchases of Peace.” Arment launched Peace on Wednesday, the same day iOS 9 officially exited its beta period. As it stands, more than 13,000 people have already received refunds for the $3 software after Peace’s creator, developer Marco Arment, pulled it amid criticism of the ethics surrounding ad blocking.

Arment, who told users to request refunds from Apple because he had no way of issuing them himself, said today that Apple made the decision on his behalf and that the refund process will likely take a few days. “I’m actually happy — or at least, as happy as someone can be who just made a lot of money on a roller coaster of surprise, guilt, and stress, then lost it all suddenly in a giant, unexpected reset that actually resolves things pretty well,” Arment wrote in a blog post. The $2.99 app quickly jumped to the number one spot on the Apple app store for 36 hours in the U.S., generating handsome rewards for its programmer Marco Arment.

The exploit puts quite a bit of personal and device information at risk, including your Apple ID and iCloud password, the contents of your device’s clipboard and your device’s name, type and UUID (universally unique identifier). Arment encouraged customers to ask Apple for a refund, and said the app would continue to work for the people who bought it, just with no maintenance or updates.

He posted a screenshot of his AppFigures report on Saturday, September 19th indicating that more than 10,000 people had already requested and received refunds. The malware stems from a modified version of Xcode — that’s the set of software tools Apple provides to developers to create iOS apps — that contained malware. Palo Alto Networks said the malware was hidden in the Xcode software required for apps and made its way into applications without the knowledge of developers. The malicious code spread through a counterfeit version of Apple’s Xcode tools used to create apps for its iPhones and iPads, according to the company. The impact on you: This blanket issuing of refunds by Apple seems unprecedented, but Macworld contributor Glenn Fleishman says that when The Magazine (also founded by Marco Arment) went dark last January, Apple issued pro-rated refunds to subscribers, at Fleishman’s request.

Chinese apps are thought to be vulnerable because developers often bypass the official, more secure, Apple channels, which can be slowed by Chinese Internet monitoring. The creators of the malware took advantage of public frustration with Beijing’s internet filters, which hamper access to Apple and other foreign websites. Apple saw some backlash when it unilaterally added a free U2 album to everyone’s iTunes account, so some Peace customers might find it strange to be handed their $3 back when they didn’t even ask and assumed the sale was final.

The app should still be usable, but Arment says he has no plans to update it in the future and does not know what, if any, action Apple will take to prevent or allow Peace to remain active. Peace was just one of a handful of new apps that rely on a new content blocking feature in Apple’s iOS 9 that lets third-party software blacklist specific domains to speed up page loads, improve battery life, and protect users from alleged privacy violations on behalf of advertisers’ tracking software. Tencent, the company behind WeChat, said in a report Sunday that it has identified 76 infected apps while China’s state-run broadcaster said the number could be as high as 350, according to a report in The Wall Street Journal. As the standard Xcode installer is nearly 3GB, some Chinese developers choose to download the package from other sources or get copies from colleagues. The security firm goes on to explain that a search for “Xcode download” on Google returned results for several forums frequented by developers.

Many of these download links direct back to files posted on the file sharing site Baidu Yunpan, which contained the infected versions of Xcode that app makers unwittingly downloaded. If you have one of the infected apps (you can find a list here) you should delete it immediately (note that Tencent has already updated WeChat with a fix, so make sure you have the latest update, version 6.2.6.) It’s also a good idea to change your iCloud password now, especially if you downloaded one of the apps in question.
