Apple is in recon mode after a security breach in China’s version of the App Store infected dozens of top apps, revealing that even a company known for its exclusivity is vulnerable to savvy hackers.
Apple is known for its fastidiousness when it comes to security and which apps make it into its store. But despite such diligence, hackers shopped an unauthorized, malware-riddled version of Apple’s Xcode to app developers.
The faulty code, named XcodeGhost, was used in anywhere from 50 to 100 Chinese apps that were downloaded by millions of iPhone and iPad users, including the popular messaging app WeChat, as well as other messaging and banking apps. The code allowed the apps to transmit device data, potentially leading to stolen iCloud passwords and spam alerts.
Under the username XcodeGhost-Author, the author said the malware code was a fluke discovery and was deployed as “a one-time, mistaken experiment” meant to test ads, the Wall Street Journal reported. Apple isn’t impervious to cybersecurity problems, particularly when it comes to the company’s unencrypted iCloud service. But the breach is still a rarity and the largest in Apple iOS history — the company previously found only five apps with malicious code.
And while Apple’s security breach is only pertinent to Chinese users, it underscores competing political priorities for greater security among American tech companies’ products and the industry’s desire to expand trade relations. Apple has only been selling iPhones in China since 2014 despite having most of the devices made in the country.
The breach comes at an awkward time in the U.S. and China’s cyber relationship, with the Obama administration growing more visibly agitated by China’s “unacceptable” cybersecurity practices. The administration met with Chinese leaders last week to discuss cybersecurity matters ahead of Chinese President Xi Jinping’s first U.S. visit.
Xi is kicking off his stateside visit Tuesday by courting tech companies in Seattle. Apple, Microsoft, Amazon, IBM, and Cisco are some of the American-based companies Xi is hoping to meet this week during a business roundtable hosted by the Paulson Institute.
Tech companies have remained relatively mum on the subject of China-based cyberattacks despite a White House call for action.
While President Barack Obama urged businesses to publicly take a stand in the cybersecurity debate last week, Chamber of Commerce president and CEO Thomas Donohue assured Xi during his Beijing visit that “expanding the U.S.-China commercial relationship is essential to driving needed growth in our economies and stability in the global economy.”
But tech companies’ reluctance to confront cyber issues could make any decision to formally sanction China more complex. The Seattle conference as Xi’s first order of business is no accident, Daniel Rosen, founder of the global economic and business consulting firm Rhodium Group, told Bloomberg. It’s a “defensive strategy” that will allow tech companies to “engage with him on these tech and cyber-issues” on his terms.
