Apple cleaned the App Store of apps containing malware today, having discovered a long con that saw developers using infected software tools, inadvertently turning their legit apps into data-collection tools for hackers.
According to Reuters, hackers duped developers into using a bad version of Apple’s Xcode app development tools. The bad version of Xcode, dubbed XcodeGhost, would make otherwise-good apps from otherwise-good developers send device information (and other, more sensitive credentials) back to the hackers.
Most of the apps affected seem to be aimed at the Chinese market — the most prominent is WeChat, a WhatsApp competitor with a major following in China. Apple hasn’t said how many apps are affected, but one Chinese security firm put the number at 344. If you use apps from Chinese developers, now would be a good time to update your phone.
Apple is continuing to “work with developers” to ensure they’re using the legit version of Xcode — it’s unclear how the hackers persuaded devs to download a fake version in the first place, but one guess is that Apple’s servers are slow in China, so XcodeGhostery was posing as a legit mirror download.
In any case, it’s an embarrassing security breach for Apple, which normally talks up the height of the wall surrounding the App Store garden as one of the reasons to switch from scary scary Android.