Apple to offer domestic downloads of Xcode for developers in China

“A senior Apple Inc executive on Tuesday said the company would make it easier for Chinese app developers to download its tools for building mobile apps in a bid to prevent further attacks on its App Store,” Paul Carsten and Jim Finkle report for Reuters. “In the wake of the first major breach on its outlet for distributing iPhone and iPad software, Apple marketing chief Phil Schiller told Chinese news site that it will offer domestic downloads within China of its [Xcode] software for developing apps. Unknown hackers infected legitimate programs by persuading app developers to download a tainted copy of the toolkit.”

Chinese app developers have told Reuters they resorted to downloading the tainted software kit for developers from unofficial, third-party sources because of slow speeds downloading from Apple’s official servers located overseas. Many complained the U.S. tech giant should do more to support developers in the company’s second-biggest market,” Carsten and Finkle report. “Schiller also said that Apple plans to list 25 tainted apps that the company has identified so that customers can delete and update them, according to the Chinese-language site. He said the company knows of no cases where tainted apps have been used to transmit customer data.”

“The company announced that it was moving to clean up its App Store on Sunday, after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds, possible thousands, of legitimate apps,” Carsten and Finkle report. “It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.”

Read more in the full article here.

MacDailyNews Take: It’s kind of amazing, given Tim Cook’s routine assertions about the importance of China to Apple, that Xcode is just now being made available as a local download.

Regardless of the media reaction, next to Google’s Typhoid Mary of mobile, this is nothing. Well, you live and learn.

Bottom line: When you have over $200 billion in the coffers, don’t be cheap.

List of iOS apps infected by ‘XcodeGhost’ includes Angry Birds 2 – September 21, 2015
Apple targeted as malware generated by bogus Xcode infects China mobile apps – September 21, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013


  1. “Bottom line: When you have over $200 billion in the coffers, don’t be cheap.”

    Yeah, like starting your 2015 iPhone off with only the same 16 GB that the 2009 iPhone had. Or keeping the free iCloud storage option at 5 GB per account, not per device.

    1. Roxio said Angry Bird 2 that was affected was ONLY THE CHINESE LANGUAGE VERSION. If you didn’t download the Chinese language version, you’ve nothing to worry about.

      Also, if you did not enter your AppleID and password to a sudden unknown requester that popped up out of the blue, you’re also ok.

  2. Hard to see that this was overlooked. I’ll bet Chinese developers had complained about slow downloads for years.

    It can’t take that much to set up servers in China to handle the traffic.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.