Downloads of Xcode should become faster for Chinese developers after Apple begins hosting its development software on local servers within the country, the company revealed in an interview with local media this week.
Apple marketing chief Phil Schiller spoke with Sina and explained that while Xcode takes developers about 25 minutes to download in the U.S., that same install can take up to three times as long for those in China. Apple hopes to address the issue by having an official copy of the software available to download on Chinese servers.
Apple also announced in a FAQ on its website this week that it will "soon" publish a list of the 25 most popular apps affected by the so-called "XcodeGhost" issue. Apple says that outside of the top 25 apps, the number of users affected by the exploit "drops significantly."
The company also published details on how developers can ensure their copy of Xcode is legitimate. Developers are advised to download Xcode through the Mac App Store or from its developer website, and to leave Gatekeeper enabled on all of their Macs to protect against tampered software.
Slow download speeds in China led developers to turn to alternative sources, where they unknowingly obtained modified versions of Apple's developer suite, Xcode. This counterfeit software led developers to build malicious apps without their knowledge, or that of Apple, which allowed the software onto its iOS App Store.
In all, about 40 infected apps are thus far confirmed to have made it through, including popular downloads like WeChat and ridesharing service Didi Kuaidi.
The malicious copies of Xcode were hosted on cloud storage run by China's Baidu, and those copies have since been removed. Developers running a modified version of Xcode would have needed to disable Apple's Gatekeeper security feature in order to run the software.
35 Comments
That's a good step. Now, what about implementing a safeguard that completely avoids submitting apps from non-genuine Xcode versions?
I remain stupefied that nearly everyone is blaming Apple totally and giving the lazy developers who downloaded a pirated copy of Xcode a pass. What were they thinking? I thought developers were tech savvy and security conscious.
[quote]That's a good step.
Now, what about implementing a safeguard that completely avoids submitting apps from non-genuine Xcode versions?[/quote]
And you know exactly how to do that, right? It’s simple, right? Apple engineers are incompetent, right? Any third grader could do it, right? By the way, how many affected apps did you find on your iOS device?
[quote]That's a good step.
Now, what about implementing a safeguard that completely avoids submitting apps from non-genuine Xcode versions?[/quote]
That, and how about issuing a warning to developers that if they do something stupid like that again, they will be banned from the App Store?
-kpluck
[quote name="lkrupp" url="/t/188442/apple-to-officially-host-xcode-on-chinese-servers-in-wake-of-malware-issue#post_2781131"]I remain stupefied that nearly everyone is blaming Apple totally and giving the lazy developers who downloaded a pirated copy of Xcode a pass. What were they thinking? I thought developers were tech savvy and security conscious.[/quote]
Anyone who has ever been to China will clearly see that theft and deception are culturally ingrained and expected. Also, it makes one wonder why the developer software was not previously hosted by Apple. Probably due to either hacking concerns or Chinese government spy infiltration or theft of code concerns.