Alas, Apple's walled App Store garden isn't that safe after all. The discovery of malicious code this week forced the company to purge the App Store of several apps, all of which were commonly used on iOS devices in China.
This is said to be the first major attack on its marketplace for apps. So what happened? Basically, attackers fooled developers into using a fake version of the software used to create iOS apps. Resulting apps created by it could then be used by attackers to collect user data and send it to their own servers.
Security company Palo Alto was the first to sound the alarm about the malware, dubbed XcodeGhost, which would also send fake alerts to devices to dupe users into surrendering personal information. Are you the type who saves logins and passwords on your phone? Well, rethink that. The malware could also be used to read clipboards on devices and potentially access logins copied from password management apps.
Among the infected apps were Tencent's WeChat app, the car hailing app from Didi Kuaidi, and the NetEase music download app, as well as the business card scanner CamCard. Apple has confirmed that the related apps have been removed.
WeChat has responded by saying that it had received no reports of users being compromised, and that only an older version of WeChat had been affected. It looks like Apple's strict policing isn't quite enough even if, by and large, the App Store is less prone to malware-ridden apps than Google's Play Store.
Unless you use apps from China, most users likely won't be affected by this. But the era of being smug about iPhones being safer than others seems to have officially ended.