Thousands of iOS apps infected by XcodeGhost

24 Sep 2015

Apple hack exposes flaws in building apps behind ‘Great Firewall’.

Beijing: China’s ‘Great Firewall’ may have been partly to blame for the first major attack on Apple Inc’s App Store, but experts also point the finger at lax security procedures of some big-name Chinese tech firms and how Apple itself supports developers in its second biggest market. When Apple introduced its latest tablet computer earlier this month in San Francisco, CEO Tim Cook called the iPad Pro—a large-screen tablet with a detached keyboard—the “clearest expression of our vision of the future of personal computing.” The general reaction to this, once people stopped tweaking Apple for reinventing the Microsoft Surface, was applause.

A malicious programme, dubbed XcodeGhost, hit hundreds — possibly thousands — of Apple iOS apps, including products from some of China’s most successful tech companies used by hundreds of millions of people. Palo Alto Networks, the US internet security company that spotted the problem, says the attacker could send commands to infected devices that could be used to steal personal information and, in theory, conduct phishing attacks. Like many others, I’m guilty of snoozing my alarm clock in the morning, at least once or twice, just to get one last relaxing moment with my bed before starting a long day of work. Major media companies, including CBS and Univision, say they haven’t felt any sort of impact yet, reports CMO Today, despite the early popularity of ad blockers in the app store. Companies affected by the XcodeGhost attack included Tencent Holdings Ltd, one of the world’s biggest internet firms, and Uber Technologies Inc’s biggest challenger, Didi Kuaidi, which just completed a $3 billion (Dh11.01 billion) private fund-raising round.

Apple’s strict nine-minute snooze policy is personally annoying: It gives me just enough time to fall asleep again for a few minutes, which doesn’t help me wake up. It seemed clear that the company intended to move its personal computers “into a more iPad/iPhone-like ecosystem, where Apple gives you permission to use the computers you buy in only the ways Apple considers appropriate.” Is Apple planning to make all its personal computers iOS devices at some point?

More than any other major computing platform, iOS limits customer choices to those Apple deems appropriate—in large part by forcing software developers to get permission before selling, or even giving away, the apps that run on the platform. A huge mistake on their part.” An Apple spokeswoman did not respond to questions about the app approval process and why developers in China were using unofficial Xcode, but a senior executive said on Tuesday the company would make it easier for Chinese developers to download its tools.

Some Chinese firms had said they were pushed to download Apple’s developer toolkit from unofficial sources in China because of the slow internet speeds when connecting to international services. The country’s censorship architecture, dubbed the Great Firewall, does not block app developers from downloading the official version of Xcode, but the controls, along with low investment in infrastructure for international connections, make using services based outside China a painful process. The world’s second-largest economy has average internet speeds more than three times slower than those in the United States, according to online content delivery firm Akamai’s latest State of the internet report. The report says that Apple’s decision to allow mobile ad blocking may be “overblown” and that most consumers–if they care about blocking ads at all–are more likely to do so on desktops.

China is a huge market for Apple, which earned around $13 billion in Greater China in the last financial quarter and in January 2014 said Chinese developers had launched 130,000 apps for its mobile devices and personal computers. Software developers unwittingly downloaded and used development tools that had been modified, so when they uploaded their apps to Apple, the apps were infected.

The size of that contribution to the tech giant’s bottom line has fuelled resentment among some of the Chinese firms who are making those apps, who complain of lack of support. Neither they nor Apple caught the hack until some number—it’s unclear how many—of users had installed the malware-laden apps, including versions of several hugely popular ones such as WeChat, on their devices.

If Apple had provided a local, quick source for the official Xcode software sooner it could have avoided the problem, said software developer Feng Dahui. But regardless of the challenges facing them in China, many app developers and security experts said the tech firms themselves bear the most responsibility for the attack, which has affected mostly Chinese companies and users so far. Before any huge conclusions are drawn and the media and ad world brushes ad blocking aside, it’s worth noting that the survey was conducted among just 520 people.

Apple is asserting that it has the right, and the duty, to prevent its customers from seeing things that Apple, in its sole judgment, considers offensive or otherwise objectionable. While a bunch of big name publishers signed on, like the New York Times, it still seems rare for anybody to ever see these Instant Articles in their Facebook feeds.

In the most recent case, journalist Dan Archer found himself stymied by the Cupertino content cops when he tried to ship an app that combined virtual reality with politics. The Washington Post says it is all in on Facebook Instant Articles and plans to dump every single story it publishes onto the platform — about 1,200 stories a day, reports The Wall Street Journal.

It wasn’t the first time Apple has done something like this, incidentally. “Either Apple and other platform developers need to be far more transparent in their adjudication process, or they need to give rejected apps more concrete feedback,” Archer wrote. If they think someone might be offended by something in their story, assuming it’s not illegal in the first place (and very, very little speech is illegal), they should set aside an area for people who want to check out material that others might find deeply offensive. Members of the WSJ Custom Studios group conducted video interviews with Drug Enforcement Agency officials, for example, as they looked to produce a content package that brings to life the era “Narcos” chronicles–the rise of the Colombia-to-U.S. drug trade of the 1980s.
