An unusual technical glitch at Apple has caused a stir. Shortly after the launch of the new web frontend for the App Store, the website's complete source code appeared online. The reason wasn't a hacking attack, but a simple oversight: Apple had accidentally enabled source maps in the production version. This made the entire frontend code publicly accessible and downloadable. A GitHub user named rxliuli took advantage of this and published the data online.
Apple recently launched a redesigned web interface for the App Store. The new interface offers dedicated pages for different platforms and categories, as well as a revamped search function. The goal is a more modern and user-friendly presentation of the App Store in a browser. However, the launch didn't go quite as planned. Just a few hours after the new design was released, the website's source code was exposed on GitHub. This was because Apple hadn't disabled source maps during the website deployment—an error that should normally have been caught during the testing phase.
How the leak occurred
GitHub user rxliuli noticed the bug while examining the new app store page. Using a Chrome extension, he extracted all available resources from the new web frontend. Because the source maps were active, the entire frontend source code could be reconstructed. The published repository contains, among other things:
- the complete Svelte/TypeScript source code,
- the logic for state management,
- the UI components,
- the API integration code,
- as well as the routing configuration.
These files provide a detailed insight into the technical structure and operation of the App Store frontend. Normally, such information is only accessible internally. For developers, this is therefore a rare opportunity to analyze the architecture of a large Apple web application in detail.
What exactly happened
Source maps are used in web development to link the original source code with the compressed production version. They help developers find errors and debug the code. However, in live environments, they are almost always disabled to prevent the code from being publicly visible. Apple apparently overlooked this step. As a result, technically savvy users were able to download the complete code via the browser's developer tools.
According to rxliuli, the source code was obtained from freely accessible resources – without hacks or manipulation. The user emphasizes that the repository was published solely for educational and research purposes. Nevertheless, it is likely that Apple or GitHub will soon remove the content, as it is copyrighted code.
Assessment of the incident
From a security perspective, this is not a serious incident. No user data, passwords, or server information were exposed. The internal API keys also remained hidden. Nevertheless, the leak is embarrassing for Apple because it shows that even a company with high quality and security standards can experience simple configuration errors.
Disabling source maps is a fundamental step in web development when transitioning from the test to the production environment. That this process was overlooked at such a large company is unusual and will likely lead to a thorough internal review of the build processes.
The GitHub repository
The repository published by rxliuli contains the complete code of the new App Store web interface. Those interested in modern frontend architectures will find it a clear example of how Apple works with frameworks like Svelte and TypeScript. This combination is synonymous with high-performance, modular, and maintainable web applications. The way Apple has implemented state management, routing, and API integration demonstrates the company's high technical standards.
Because the repository contains copyrighted material, it will likely not remain online permanently. Apple has a history of reacting quickly when internal or confidential content has been made public.
Apple: A technical mishap with symbolic power
The accidental leak of the App Store frontend isn't a security disaster, but it is a rare and embarrassing blunder. It highlights that even at Apple, human error can occur—even in automated development processes. For developers, the short-lived GitHub project offers a fascinating glimpse behind the scenes of Apple's web development; for Apple itself, it's a clear indication that even the smallest configuration details can have significant consequences. In the long run, the incident won't have any serious repercussions, but it serves as a reminder that perfection in software development is not a given, even for the largest and most experienced teams. (Image: Shutterstock / Gorodenkoff)
- iOS 26.2: These new features are already visible in Beta 1.
- iOS 26.2: Beta reveals planned new feature for AirDrop
- iOS 26.2: Freeform app gets table functionality
- iOS 26.2 brings alarms for reminders – here's what's new
- iOS 26.2: Liquid Glass slider brings new options
- iOS 26.2: New features make Apple Podcasts smarter
- watchOS 26.2 introduces a new scale for sleep assessment
- Live translation with AirPods: EU launch planned for December
- iOS 26.2 Beta released – Apple prepares next update
- WhatsApp is now officially available on the Apple Watch
- Apple postpones the end of the old HomeKit version to 2026.
- iOS 26.1 closes over 50 dangerous security vulnerabilities.
- iOS 26.1 now available: What's in the new update
- New intro for Apple TV: Finneas reveals details
- Apple launches App Store for the web
- Apple TV shows new intro with music by FINNEAS
- Apple launches creative Christmas project in London
- Apple confirms: No new Macs planned for 2025
- Apple stock: Wedbush raises price target to $320
- Apple stock: TD Cowen significantly raises price target to $325
- Apple stock: Evercore raises price target to $300
- Apple stock: JP Morgan raises price target to $305
- No chat monitoring: EU foregoes chat surveillance
- Apple in leak dispute: New details about Prosser and Ramacciotti
