Malware found in Wechat iOS app

This week, news was released about a serious malware infection in WeChat and other popular Chinese iOs apps.  Chinese developers working at Tencent (Wechat) were using an unverified copy of Xcode, Apple’s official development software, downloaded from an unsecured Baidu cloud server.

Normally, any iOS developer can simply download Xcode from the Apple app store for free. However in China, connecting to the app store servers can be slow due to the Great Firewall internet censorship. The Chinese developers opted instead to bypass this slow channel and ended up infecting millions of devices in the process.

Apple has sent an email to all members of the Apple Developer’s program to address this issue with unverified Xcode copies:

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.

Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode. Learn more.

Why does this matter?

This single incident will most likely be brushed off by authorities, blamed as worker negligence, and the sloppy developers will be fired — case closed.

However this incident is symptomatic of a bigger overall problem in China –the persistence in maintaining a parallel internet sealed off from the rest of the world. Restricting information flow is an inefficiency that is proving to have painful real world economic consequences. The malware will need to be patched. Faulty software reduces productivity. For an app used daily by hundreds of millions of people like Wechat , a malware issue, no matter how small, can cause enormous economic losses in productivity.

While VPNs can be used in China to get around the internet censorship and improve connection speed to some outside servers, most Chinese citizens do not use them. VPNs cost money and are not a perfect solution since the added encryption also reduces internet speeds. Furthermore, the Great Firewall is capable of targeting certain VPN connections, making them slow or completely unusable.

Google Play Store in China

Despite being the country with the most number of active Android devices, the Google play store is blocked from within China. Android apps are instead distributed through a myriad of third-party app stores. This fragmentation is an inefficiency that complicates what should be a relatively simple process for developers wishing to distribute their apps in the Middle Kingdom.

However, there have been recent talks between Google and Chinese government officials to allow the Play Store back into China, albeit a heavily censored version of it. Sources say the Play Store may become unblocked in China as early as 2016.




There are no comments.

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>