To the chagrin of many a respectable developer, Apple has always been known to have the toughest app-review protocols in the business.
That’s why news of the iOS App Store’s first large-scale attack is so surprising.
As of Sunday, Apple said it was busy ridding its marketplace of malicious iPhone and iPad programs implicated in the assault.
Complicating matters, malware that security experts are calling XcodeGhost has apparently been embedded in hundreds of legitimate mobile applications, including popular mobile chat app WeChat and car-hailing app Didi Kuaidi.
More disturbing still, the infected iOS programs include banking apps, stock trading apps, and social network service apps, according to Palo Alto Networks, an online security company that has been on top of the breach.
By Boy Genius’ estimate, “Millions upon millions of iPhone and iPad users [have been] affected.” At the moment, the majority of these consumers seem to be in China, but that has yet to be confirmed.
The security breakdown will likely invite similar attacks now that the App Store’s vulnerability has been exposed. That’s “a pretty big deal,” as Ryan Olson, Director of Threat Intelligence at Palo Alto Networks, tells Reuters.
Worse yet, according to Olson, it’s difficult to defend against hackers infecting the machines of software developers writing legitimate apps -- which seems to be how the App Store was compromised.
For Apple, the biggest risk is losing the trust of developers and consumers, each of whom has plenty of other app platforms to choose from.
Needless to say, the stakes have never been higher, as media and commerce ecosystems shift to mobile, and apps increasingly serve as the main gateway to consumers.
In other words, Apple is having a bad Monday.