Apple’s developer software Xcode will soon be available to Chinese developers.
First spotted by Apple Insider, this news comes on the heels of a malware attack on apps in the App Store.
Last week, security researchers at Palo Alto Networks discovered the infected apps and publicized an analysis report detailing the malware’s spread and impact. Xcode is a set of software tools developers use to create iOS apps, but a modified version of Xcode containing the malware, dubbed XcodeGhost, made its way into the App Store.
Despite Apple’s strict code review for App Store submissions, there are still ways for malware to sneak in. “If the iOS app is used by an enterprise internally, for example, it will be distributed in-house and won’t go through the App Store,” Palo Alto Networks said in its report. “In the same example, an OS X app can also be infected, and lots of OS X apps are directly distributed via the Internet other than App Stores.”
With Apple’s plan to provide Xcode on Chinese servers, developers will have less incentive to download from third parties and hopefully avoid an attack like this again.
Most of the apps with XcodeGhost were from the Chinese App Store, including popular apps WeChat, Didi Chuxing and Railway 12306, according to Palo Alto Networks. Some U.S. apps were also affected, such as WeChat, SaveSnap and Camcard.
Security researchers said the hack could put users’ personal and device data at risk, though Apple has said in a FAQ on its site that there’s no information to suggest the malware has been used maliciously. “We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords,” the company said.
Apple added it removed the apps from the App Store that they know have been infected and will publish a list of the top 25 most popular apps impacted as well as update customers on any new information regarding infected apps they might have downloaded.