Sorry, not buying it that those app makers didn’t know to get from a real Apple site. I think they knew what they were doing and probable talked some kickback money.
Ok, read your second post this time. Wasn’t official apps after all.
They knew. . . a but and that's a possibility, but low on the probability scale especially for the paid apps and most popular ad supported apps where millions of Yuan are on the line. Human nature is probably more to blame.
China required Apple to host their App store on China Telecom's servers. As I understand it China Telecom provided very slow download service for getting apps and Xcode is fairly large as it includes all the APIs as well as the programing language. An alternative was long-distance downloading from international sourcing. . . which is throttled in China. It could take several hours to download. Impatience shot them down.
Several third-party servers for jail-broken apps offered them a free, fast download of Xcode they could get in minutes. . . which tricked them into downloading the XcodeGhost version. These sites told them they had to turn of Gatekeeper for this download because it wasn't an "official site". I doubt they knew they were getting a malicious version of Xcode. These are often their own companies' products that would bear the brunt of blame and potential lawsuits when it would be found out. It was impatience and desire to get started as soon as possible on programing among the programers. It could have been just one programmer in an entire company who "couldn't wait," doing it even against company policy. That's all it would take.
Apple's CEO is meeting with China's president this week while he is in the USA and as I understand it one of the topics under discussion is China's requirement that Apple's China App store being hosted on China Telecom. Apple very much wants to host it on it's own servers in China so it can provision it with much faster service. They have so far convinced China Telecom to increase the speed of app download. . . and they are working with the developers to get the apps that were infected back into the China App store with clean versions.
I’m trying to figure out why a developer, who can get all the tools necessary to develop apps for the App Store for FREE - would instead download pirated versions -
I really see this, not as an error - but as intentional - those using these corrupted versions of Xcode are using these altered versions for a REASON - that is to intentionally spread malware.