Sloppy dev practices allowed malware into Apple App Store

The XcodeGhost malware on iOS and OS X provides an object lesson for developers: Never rely on unofficial versions or alternative repositories for your tools

Sloppy dev practices allowed malware into Apple App Store
Thinkstock

Instead of trying to sneak a malicious iOS app past Apple’s verification process onto the App Store, malware writers went after developers looking for shortcuts.

Developers are told time and again to not use unofficial tools, and the XcodeGhost malware should be an object lesson as to why this is a dodgy move. It appears a counterfeit version of Xcode, Apple’s tool for creating iOS and Mac OS X apps, was uploaded to a few popular sites in China. Developers who downloaded Xcode from these alternative sites inadvertently included malicious code in their apps.

Copyright © 2015 IDG Communications, Inc.

How to choose a low-code development platform