Epic Games: The lawsuit is forcing Apple to reveal confidential data about its store, including messages about the tampered development tool that infected thousands of apps.
Developers downloaded a modified version of the Xcode tool and sent tampered apps to the App Store.
The lawsuit filed by Epic Games against Apple, prompted by a dispute over the payment method and fees for virtual items in the game ‘Fortnite’, is revealing unprecedented behind-the-scenes details about the App Store, the only authorized store for iPhone applications.
One of Apple’s internal emails recently attached to the lawsuit contains information about the 2015 XcodeGhost case. Apple found that 128 million users downloaded some of the 2,500 apps that were tampered with in the attack. The data was sent to Matthew Fischer, the executive responsible for the App Store.
More than half of these users (55%) were from China. Another 18 million users were Americans. Apple’s statement reveals that the company has compiled data for each country.
In possession of this information, Apple decided not to notify affected users individually and opted for a single, public alert.
But Apple’s warning on the case at the time mentioned only the 25 most popular apps. The rest were removed from the store for developers to resubmit a clean version of the app, but this process was not communicated to users.
Therefore, many people did not know about the tampering that occurred in the apps they used.
The statement is also no longer on the company’s website.
A reminder of the ‘XcodeGhost’ case cited in the Epic Games lawsuit
In September 2015, security researchers at Palo Alto Networks found 39 apps on the App Store that contained code unrelated to the apps’ own functionality.
The origin of this “extra code” was a modified version of Xcode, an Apple development tool. Although Xcode is available on Apple’s official website, many app developers, especially in China, looked for alternative sources to speed up the download.
One of these alternative downloads, however, had been modified to add malicious routines to apps. These routines captured certain information from the device. The biggest risk, however, was that the app could display fake login screens for iCloud, which could steal users’ passwords.
Applications were tampered with when their packages were built with the modified Xcode. Many popular programs in China, including WeChat, were sent to the App Store with the modification, which was not detected by Apple.
Experts soon identified hundreds of other apps with the same feature, but Apple confirmed only the names of the 25 most popular apps.
Despite the risk, there is no evidence that sensitive personal information was stolen in this attack.
Still, the case rocked the App Store’s reputation. In its lawsuit against Epic Games, Apple claims that the fees charged on the App Store help ensure a trusted environment for developers to promote their apps – but Epic Games intends to counter this argument with cases like “XcodeGhost”.
More than 500 human reviewers
In the process, Apple has also been defending the performance of the App Store. The company revealed that in 2019, 4,808,685 apps were submitted for approval. Of these, 36% were rejected, and only 1% of the rejections were contested by the developers.
In addition to automated analyses, this process also has more than 500 human reviewers who analyze 100,000 applications a week, according to the documents.
For Apple, these figures illustrate the amount of work required to operate the store and safeguard the security of apps. The low number of disputes, in turn, would indicate that the justifications presented are consistent.
When Apple rejects an application, the developer receives information about the adjustments that must be made. Many app developers complain about the slowness of this process and Apple’s excessive authority over what can be published on the App Store.
Unlike Android, which allows apps to be installed from any store or even outside any store, the iPhone requires applications to be downloaded exclusively from the App Store, which is controlled by Apple.
In addition, the App Store has rules that do not exist in the Play Store, such as the possibility to reject applications similar to others that already exist.