A number of Chinese Apple iOS apps were found this week to be infected with XcodeGhost malware. This makes both Apple and the technology companies that created the malware-infested apps look bad.
Download speeds appear to be a prime reason why Chinese developers of at least 57 apps, including WeChat and Didi Chuxing, chose to download the Xcode file from unsanctioned servers in China rather than from Apple's channels outside of China.
XcodeGhost's discovery casts a glaring light on China's slow Internet speeds. Chinese bandwidth is bottlenecked at fewer than five points entering and exiting China. So a Beijing netizen accessing sites or downloads outside of China finds access constricted because of the narrow outlets. The access should be a high-speed freeway, but it is more like a muddy, cobblestone pathway. So frustrated Chinese software developers will find the path of least resistance, which in this situation unfortunately means they are downloading malware-infected copies of Xcode.
But the bigger problem that XcodeGhost shows is the lack of good management within many of these Chinese technology companies. If a technology company cannot follow basic technology best practices, what else about its financial, sales, and marketing management systems do investors have to worry about?
XcodeGhost's discovery displays the messy and poor software management policies at large publicly listed Chinese companies like Tencent.com. Why are software engineers at these companies being allowed to download and install software outside of Apple's approved environment? The chief technology officers and chief information officers at these companies should be blamed for allowing these types of poor management policies to fester. These companies should have a very clear and easy-to-follow guideline for who can download what, when, and how. And most importantly, there must be a protocol for who can install software on the companies' computers.