I don't think I'm going out on a limb by speculating
that someone, somewhere is preparing a class-action suit based on
the recently disclosed
hack of Apple's app ecosystem.
How did it happen? In a nutshell, hackers were able to infect a
version of Apple's Xcode software package for iOS app
developers. A number of iOS developers - primarily in China,
according to recent reports - downloaded this corrupted version of
Xcode, then used it to compile their apps. This corrupted version
was not the "official" Apple version; it was accessed
from a third-party file-sharing site. Apps compiled with this
version of Xcode were infected with malware known as
XcodeGhost. These corrupted apps were uploaded and
distributed through Apple's Chinese App Store. In this way the
XcodeGhost malware snuck past Apple's own code review protocols
and, through the wonder of app store downloads, it infected
millions of iOS devices around the world.
The malware does a number of nasty things - including fishing
for a user's iCloud password.
This case provides a good case study for how risk is allocated
in license agreements and terms of service. What do Apple's
terms say about this kind of thing? In Canada, the App Store Terms and
Conditions govern a user's contractual
relationship with Apple for the use of the App Store. On the face
of it, these terms disclaim liability for any "...LOSS,
CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, OR OTHER
SECURITY INTRUSION, AND APPLE CANADA DISCLAIMS ANY LIABILITY
Apple could be expected to argue that this clause deflects
liability. And if Apple is found liable, then it would seek the
cover of its limitation of liability clause. In the current version
of the terms, Apple claims an overall limit of liability of $50.
Let's not forget that "hundreds of millions of
users" are potentially affected.
As a preliminary step however, Apple would be expected to argue
that the law of the State of California governs the contract, and
Apple would be arguing that any remedy must be sought in a
California court (see our post the other day: Forum Selection in Online
Will this limit of liability and forum-selection clause hold up
to the scrutiny of Canadian courts if there is a claim against
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A recent Saskatchewan Court of Queen's Bench decision allowed a court-appointed receiver to sell and transfer intellectual property rights free and clear of encumbrances, finding that a license to use improvements of an invention was a contractual interest and not a property interest.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).