A version of Xcode was compromised and distributed online to legitimate Chinese app developers. They unknowingly introduced the malware into the Apple App Store via their apps. The malware, once run on a consumers iOS device, communicated with the attackers. Apple’s screening process, which doesnt do any form of source code review, is very good at some things, and not so good at others. Apple could, and I expect does, look for signatures of known bad things that could be in an app’s security.”]
Source: https://www.csoonline.com/article/2987392/xcodeghost-was-apple-negligent.html