Slashdot Mirror
Number of XcodeGhost-Infected iOS Apps Rises
An anonymous reader writes: As the list of apps infected with the XcodeGhost malware keeps expanding, Apple, Amazon and Baidu are doing their best to purge their online properties of affected apps, malicious Xcode installers, and C&C servers used by the attackers to gather the stolen information and control the infected apps/devices. China-based jailbreaking Pangu Team claims that the number of infected app is higher than 3,400, and have offered for download a free app that apparently detects the Trojanized apps.
Way to hint at bigotry. Who cares if "homosexuals" read slashdot, how does that affect you at all? FULL STOP. It doesn't.
Now tighten up your manbun.
I agree, both "ecosystems" have their flaws. there's a start difference between IOS and Android.
IOS is a walled in garden, closed source, and you have to PAY to be a developer. You have no choice as to your "app store" without jailbreaking your device. This was done to "protect" it's users with a secured, walled in, app store. Clearly this failed
Android is open source, and while you are selling a bit of your soul to google, you can EASY strip any remnants of google from your device and still have a perfectly functional smart phone. You can decide where you get your apps from, and you can download the SDK and start building apps for free, RIGHT NOW.
Both app markets are full of garbage, for every 1 good app there's 30 rip offs of varying quality and functionality. Both market places have had infected apps hosted on them.
The difference is, on android you have the ability to view the code and see what's going on, not ever app releases it's code or even in a human readable form, but the source code for android is out there, with thousands of eyes on it.
If you trust ANY hardware/software manufacturer to have your best interests at heart you are a fool, they are in it for money, they are owned by the shareholders and do whatever maximizes profit at their behest.
Offering a stable and secure produce is tertiary.
It matters because "IOS" is a different operating system, made by Cisco. Sure, it's clear from context which one is being talked about in this case, but that's not always true.
(On a related note, it was pretty stupid of Cisco to license the trademark.)
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Not anymore. XCode 7 adds the ability to deploy to any personal device for "free".
Quoted because you need a Mac to run XCode.
But as long as you compile the code yourself (way to go - a proprietary OS enforcing open-source!), you can load the code on your phone.
In fact, there are emulators out there (like provenance, gba4ios, etc) that people are using just fine on their iOS devices. All you need to do is get the code from a tarball or git/svn/etc, open in XCode, build and deploy to your iPhone or iPad or whatever.
No, it doesn't qualify as "Free" because the built binary is limited to running on your own devices.
And the iOS sandbox was not breached - the amount of information the malware could access without alerting users was pretty limited anyhow - you could get the date, time, application ID, UUID (which because of advertising, is now different per-app) and a few other things. If the malware tried to access contacts, photos, or GPS, an alert would show up asking if the user wanted to allow or deny the action.
Of course, if said iOS device was jailbroken, then the malware could get way more information because the sandbox would be broken.
As bad as it goes, the infected apps really get less information than a typical app which wants to do in-app advertising.
As bad as it goes, the infected apps really get less information than a typical app which wants to do in-app advertising.
Unless the infected app is supposed to request permissions for GPS, address book, calendar, photos access, etc etc. If snapchat were to become infected, as an example, they would have access to pretty much every piece of information you can get inside a single app except for the calendar.