Re: "“Did you use open source code to save time, and the virus was hidden in it?”"
When many "must have" apps will willingly execute any random script or executable they are given, you don't really need to put trojans in the code. While it is certainly possible, it is entirely uncessary.
If the code is open, all you need is one kid who wants to make a name for himself.
If the code is closed, you just have to depend on the good intentions of the likes of Apple or Microsoft.