Commentary

Major Breach Threatens Apple's App Kingdom

To the chagrin of many a respectable developer, Apple has always been known to have the toughest app-review protocols in the business.

That’s why news of the iOS App Store’s first large-scale attack is so surprising.

As of Sunday, Apple said it was busy ridding its marketplace of malicious iPhone and iPad programs implicated in the assault.

Complicating matters, malware that security experts are calling XcodeGhost has apparently been embedded in hundreds of legitimate mobile applications, including popular mobile chat app WeChat and car-hailing app Didi Kuaidi.

More disturbing still, the infected iOS programs include banking apps, stock trading apps, and social network service apps, according to Palo Alto Networks, an online security company that has been on top of the breach.

By Boy Genius’ estimate, “Millions upon millions of iPhone and iPad users [have been] affected.” At the moment, the majority of these consumers seem to be in China, but that has yet to be confirmed.

The security breakdown will likely invite similar attacks now that the App Store’s vulnerability has been exposed. That’s “a pretty big deal,” as Ryan Olson, Director of Threat Intelligence at Palo Alto Networks, tells Reuters.

Worse yet, according to Olson, it’s difficult to defend against hackers infecting the machines of software developers writing legitimate apps -- which seems to be how the App Store was compromised.

For Apple, the biggest risk is losing the trust of developers and consumers, each of whom has plenty of other app platforms to choose from.

Needless to say, the stakes have never been higher, as media and commerce ecosystems shift to mobile, and apps increasingly serve as the main gateway to consumers.

In other words, Apple is having a bad Monday.
