Emails published in the Epic v Apple trial on Friday revealed that 128 million users downloaded malware from the App Store in 2015 (via Vice).
App Store Malware
In 2015 malware was inserted into thousands of apps in the App Store. Known as “XCodeGhost” the initial estimate was that 4,000 apps were affected. These apps stole device and user information and sent it to a command-and-control (CnC) server.
An email from Dale Bagwell, Apple’s iTunes customer experience manager at the time, said: “In total, 128M customers have downloaded the 2500+ apps that were affected LTD. Those customers drove 203M downloads of the 2500+ affected apps LTD.”
Apple employees discussed whether to notify the victims by email or not, a challenge where the company would have to “accurately include the names of the apps for each customer.” It would also take up to a week to notify all 128 million users.
The company told Motherboard Friday that it kept users informed, but did not specifically say they notified every single victim.
In an FAQ site about the incident, Apple said it didn’t believe the malware was actually used, or that it had actually stolen personal data other than “apps and general system information.”