After dealing with serious malware problem in its App Store, Apple finally announced their strategy to prevent malware from entering their digital store. Does it work?
Apple Xcode
The recent malware outbreak taught Apple lots of thing about their app security. Their App Store is no longer the most secured online store, thanks to the outbreak. There are lots of malicious app in the store, which Apple didn’t recognize until they got the reports. What should they do? Remove the app from the store? Well, that would be a good idea, but it won’t stop developers from sending in lots of other malicious app. Removing them will be a waste of time, which every company should avoid. There has to be another way of clearing the store from malicious app and preventing other apps from entering the store.
Is there something like that?
Well, as a matter of fact, the solution has existed for years and we’ve been using them: Apple XCode. It’s clearly stated in Apple’s app policy that the XCode must exist in every iOS App. In the other words, the only way you can create an iOS app and get approved by Apple is by using Apple XCode. This is when everything gets interesting. If all apps are written in XCode, does it mean there should not be any malware outbreak?
Well, it supposed to be that way. There won’t be any outbreak if only Apple was strict in applying its app development policy. All developers are supposed to use only Apple XCode to develop apps for iOS, but as a matter of fact, some of them don’t. Some developers, especially them who resides in China, choose an alternative ‘XCode’ to build their apps. Before the App Store was cleaned, these people were responsible in creating around 85 apps with malicious scripts. To help recognize the scripts, security experts name the ‘alternative’ XCode as XCodeGhost.
Is It Dangerous?
Well, you won’t see this article if XCodeGhost was safe. Basically, everything you change from an original script is illegal and, therefore, dangerous, especially if you inject those scripts with malware.
Wow, that’s dangerous, but why those developers choose XCodeGhost, instead of Apple’s original XCode? The answer is simple. Some developers choose to ignore the original XCode because of the download time. As you can see, the only way to download Apple’s original XCode is to download the code from Apple’s server in US. Well, it won’t be a problem if you currently resides in US or have high-speed internet connection. It won’t take long to download the code, but what if you don’t have that much juice? Should you give up? I think not. Building an app is a lucrative business. Either you make it as a paid app or free one with ads in it. Either way, you can make money from the app. So, if I were the developers, this the mindset I’d develop: the faster I create an app, the more money I can make. Then, what if there was a code which I should wait for hours until the download process completes? Is there another way to cut the download time?
That’s how those developers think. Instead of waiting for hours until the original XCode downloaded, they checked for an alternative XCode. They seek for an alternative XCode placed in local server. Choosing this alternative code will allow them to cut the download time up to 2-3 times than US server, giving them more time to build the app and make the money.
Wait, isn’t it good? People can get the same quality without waiting for long. How bad it can be? Well, it supposed to be that way unless the fact that the developers who created the alternative code, also injected malware to the scripts. They put it nicely, camouflaging the scripts as if they were regular scripts. The only difference would be once someone downloaded the app, the malware script will start sending any information from the user to the malware developer. Is this what you want from an app?
What Should You Do?
As of now, Apple has cleared its App Store from these malicious apps by hosting its original XCode in China local server. This way, local developers won’t need the XCodeGhost anymore. Does it mean you’ll be safe? To be honest, there is no guarantee you can be safe out there. Malware is not the only way to attack you. Trojans, ransomware, adware, and many other online threats are waiting to infect you if you don’t protect yourself with proper security. So, which one do you need?
Try our VPN Asia. We are your #1 Tier-1 VPN solution. Work with us and we will keep you safe from unauthorized access. We encrypt your data transmissions to ensure you’ll have control over all data transmitted and sent to your device. Furthermore, we keep you anonymous on the web and unblock any content, whatever you like. Simply put, we guarantee your freedom, security, and privacy on the net.