According to recent reports, some versions of Xcode used by developers in China have been compromised and are being used to inject tracking codes into iOS apps without the developers' knowledge. Unaware of the injection, those developers then released their compromised iOS apps to the App Store, where they were later approved by Apple. At the time of writing this post, the compromised apps are still available in the App Store. Any user who has installed and launched these compromised apps will be a victim of these tracking codes.
This is a significant compromise of Apple’s App Store. Apple notoriously manually reviews all app submissions and, in comparison to Android stores, has been relatively malware-free. This is the most widespread and significant spread of malware in the history of the Apple App Store, anywhere in the world.
This thing is huge. Among the affected applications is WeChat, which is used by 500 million people and installed on probably every Chinese iPhone. Here’s another article with more details, but it’s from a security software peddler, so get your salt.