XcodeGhost: App Store malware shows the weakest links and Apple’s advantage

24 Sep 2015 | Author: | No comments yet »

10 must-have Apple Watch apps making the most of watchOS 2.

Apple has released a list of 25 apps that were created using a counterfeit version of Xcode that contained malware. China’s “Great Firewall” may have been partly to blame for the first major attack on Apple Inc’s App Store, but experts also point the finger at lax security procedures of some big-name Chinese tech firms and how Apple itself supports developers in its second biggest market.Ever since Apple let slip in June that the latest version of its operating system for iPhones and iPads would enable ad blocking, the discussion of the looming apocalypse for ad-dependent publishers has been impossible to avoid — unless you’ve installed ad-blocking-discussion-blocking software, of course.

Beijing: Apple Inc has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach. Earlier this month security firm Palo Alto Networks said that as many as 39 apps with malicious code, or malware were in the App Store (Apple confirmed that 40 apps were affected), but security researchers have said that they have since identified thousands of more such apps. A malicious programme, dubbed XcodeGhost, hit hundreds – possibly thousands – of Apple iOS apps, including products from some of China’s most successful tech companies used by hundreds of millions of people. A study released in August showing growing use of ad blockers on computer Web browsers also fanned the flames, but the fear that the practice is about to engulf the much-faster-growing mobile world is most intense. Now the adblockalypse would appear to be upon us, with iOS9 installed on more than half of Apple mobile devices and an ad- blocker called Crystal atop the paid-download list in Apple’s App Store.

Companies affected by the XcodeGhost attack included Tencent Holdings Ltd, one of the world’s biggest internet firms, and Uber Technologies Inc’s biggest challenger, Didi Kuaidi, which just completed a $3 billion private fundraising round. That’s partly because the iOS change targets the Safari browser; the majority of users who consume media on smartphones via social networks and other apps aren’t affected. Now you can tap and edit each complication so you’re seeing exactly what you want, whether it’s activity rings, temperature, or a third-party option. Some Chinese firms had said they were pushed to download Apple’s developer toolkit from unofficial sources in China because of the slow internet speeds when connecting to international services.

Here’s an ad executive, quoted in a 1987 Philadelphia Daily News article, fretting about the rising popularity of videocassette recorders: “When a viewer records a network program to play it back at a later time, they often zip through the commercials or they zap them out entirely. Hackers are increasingly looking for new ways to target mobile apps and devices, including iPhones, because they are so widely used by many consumers, added Darren Hayes, a cybersecurity expert at Pace University in New York. The world’s second-largest economy has average internet speeds more than three times slower than those in the United States, according to online content delivery firm Akamai’s latest State of the Internet report.

The creators of this malware took advantage of public frustration with Beijing’s internet filters, which hamper access to Apple and other foreign websites. Same with DVDs, DVRs, pop-up ad blockers and a long series of other supposedly existential technological threats to media that turned out to be largely harmless or even a boon. The size of that contribution to the tech giant’s bottom line has fuelled resentment among some of the Chinese firms who are making those apps, who complain of lack of support. If Apple had provided a local, quick source for the official Xcode software sooner it could have avoided the problem, said software developer Feng Dahui. There is a natural human need to have businesses proposition you with goods and services and vice versa.” This doesn’t necessarily mean, though, that they will keep doing that propositioning in the same ways and via the same channels.

But regardless of the challenges facing them in China, many app developers and security experts said the tech firms themselves bear the most responsibility for the attack, which has affected mostly Chinese companies and users so far. It is at least worth considering that this really is the beginning of the end for most advertising on the Internet, at least advertising of the kind we’re used to, and find so irritating.

It is often attributed to the way advertisers track consumers across the Internet, clogging up their browsers, invading their privacy and sometimes just creeping them out. Such advertising can be counterproductive — the underpants thing has been happening to me lately, and I think it has convinced me never to go near any online outpost of underwear seller Mack Weldon again — but that effect is hard to measure, while the tiny percentage of people who click through on the ads and buy stuff are of course easy to count.

It is instead the online equivalent of junk mail or late-night TV infomercials: technology-enabled, data-driven, personalized pitches intended to get us to buy something now. Blogger and marketing prophet Doc Searls thinks the key to fixing online advertising is to make this kind of targeted advertising — he calls it adtech — much harder: “In marketing lingo, adtech is a form of direct response marketing, which is descended from the direct (aka junk) mail business, not from Madison Avenue. “The baby in the adblock bathwater is Madison Avenue, which has paid for nearly everything on newsstands, radio and TV since their beginnings. Even if we didn’t like ads fattening our magazines or interrupting our programs, we knew the economic role they played, and we appreciated their best work.” The problem with this proposal is that mass-market, Madison-Avenue-style ads have never been very successful on the short-attention-span, increasingly small-screen Internet. When they try to command users’ attention by delaying access to articles or with auto-playing videos, they’re just as irritating as ad tech, and are in fact a major target of current ad blockers.

Buzzfeed is trying hard to come up with forms of brand advertising that people actually want to share online, and that will surely be one path to survival for ad-supported media companies. But the ability to target and track individual users is such a big part of what Internet advertisers do that it’s hard to imagine them giving up without a vicious fight. The “cookies” used to track me also make it possible for me to read the Financial Times and Wall Street Journal online without having to log in every danged time. The Verge’s Nilay Patel argues that Apple’s iOS9 ad-blocking move was aimed squarely at archrival Google and its central role in the existing Internet advertising infrastructure. Doc Searls has in the past described a vision, which I find extremely appealing, of an online world in which individualization and targeting are possible, but the consumer controls the process.

Here you can write a commentary on the recording "XcodeGhost: App Store malware shows the weakest links and Apple’s advantage".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site