Apple plans steps to prevent future App Store attacks

By Paul Carsten and Jim Finkle

BEIJING/BOSTON (Reuters) - A senior Apple Inc executive on Tuesday said the company would make it easier for Chinese app developers to download its tools for building mobile apps in a bid to prevent further attacks on its App Store.

In the wake of the first major breach on its outlet for distributing iPhone and iPad software, Apple marketing chief Phil Schiller told Chinese news site Sina.com that it will offer domestic downloads within China of its software for developing apps.

He made the comment after Apple on Sunday confirmed that the App Store had suffered its first large-scale breach. Unknown hackers infected legitimate programs by persuading app developers to download a tainted copy of the toolkit.It was the first time a company executive has talked about efforts to secure the App Store since the attack surfaced late last week.

Chinese app developers have told Reuters they resorted to downloading the tainted software kit for developers from unofficial, third-party sources because of slow speeds downloading from Apple's official servers located overseas. Many complained the U.S. tech giant should do more to support developers in the company's second-biggest market.

Schiller also said that Apple plans to list 25 tainted apps that the company has identified so that customers can delete and update them, according to the Chinese-language site. (http://bit.ly/1LLbtZ6)

He said the company knows of no cases where tainted apps have been used to transmit customer data.

The company announced that it was moving to clean up its App Store on Sunday, after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds, possible thousands, of legitimate apps.

It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

Researchers said infected apps included Tencent Holdings Ltd's popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.

Apple removed the malicious versions of those apps from the App store and those developers replaced them with clean updates.

(Reporting by Paul Carsten in Beijing and Jim Finkle in Boston. Editing by Richard Valdmanis and Christian Plumb)