It’s not unusual for companies to experience data breaches that put their customers at risk. When that company happens to own the one and only sanction app store for its platform, however, then it becomes a rather scary prospect. That is always one of the risks of Apple’s App Store when the tools used to upload apps are themselves infected with malware, which is what happened almost six years ago with the XCodeGhost incident whose details are only surfacing now thanks to a lawsuit involving Fortnite of all things.
It’s not that Apple didn’t admit that infected apps got through the usually stringent App Store review process, but only due to some less discerning developers using tainted tools. And to be fair, it did warn affected users and cautioned developers that were using the unofficial XCode development tool against those attempts to steal their personal information. What it didn’t disclose, however, was the actual extent of that hack, which would have really tarnished its reputation.
As part of the legal battle between Epic Games and Apple over Fortnite, evidence was submitted revealing exactly those numbers. Email communication showed that Apple knew that 128 million users downloaded the more than 2,500 apps that were affected by XCodeGhost. 18 million of those were counted to have come from the US while more than half the victims were traced back to China.
Perhaps more telling was that the company was debating whether to reach out to all those 128 million iOS users that may have been compromised by the hacking attempt. While it may be common practice now or even legally mandated, back then Apple seemed to have had the wiggle room to even consider not doing so, given the logistics nightmare it would have incurred. It did say it reach out to users but, again, it never admitted to how many they reached out to.
Apple would later say that they were not aware of any actual use of the exploit, suggesting that users were still safe despite the number of infected apps and potential victims. Still, Epic Games could use this as ammo against Apple to prove how it used its power and control to monopolize the iOS app market.