Apple to officially host Xcode on Chinese servers in wake of malware issue

Apple marketing chief Phil Schiller spoke with Sina and explained that while Xcode takes developers about 25 minutes to download in the U.S., that same install can take up to three times as long for those in China. Apple hopes to address the issue by having an official copy of the software available to download on Chinese servers.

Apple also announced in a FAQ on its website this week that it will "soon" publish a list of the 25 most popular apps affected by the so-called "XcodeGhost" issue. Apple says that outside of the top 25 apps, the number of users affected by the exploit "drops significantly."

The company also published details on how developers can ensure their copy of Xcode is legitimate. Developers are advised to download Xcode through the Mac App Store or from its developer website, and to leave Gatekeeper enabled on all of their Macs to protect against tampered software.

Slow download speeds in China led developers to turn to alternative sources, where they unknowingly obtained modified versions of Apple's developer suite, Xcode. This counterfeit software led developers to build malicious apps unbeknownst to them or even Apple, who allowed the software onto its iOS App Store.

In all, about 40 infected apps are thus far confirmed to have made it through, including popular downloads like WeChat and ridesharing service Didi Kuaidi.

The malicious copies of Xcode were hosted on cloud storage run by China's Baidu, and those copies have since been removed. Developers running a modified version of Xcode would have needed to disable Apple's Gatekeeper security feature in order to run the software.