You may not remember, but a modified copy of Xcode that surfaced on the web in 2015 was responsible for injecting malware into several iPhone and iPad apps that were subsequently uploaded to the App Store. Now, thanks to the Epic vs. Apple trial, internal Apple emails have revealed that more than 128 million iOS users were affected by the “XcodeGhost” malware.

As noted by a Motherboard report, Dale Bagwell confirmed in an email that 128 million consumers had downloaded more than 2,500 apps infected by the malware that came from the fake copy of Xcode. In total, these 2,500 infected apps have been downloaded more than 203 million times in the App Store.

Bagwell was the iTunes Customer Experience Manager at the time. Another Apple employer mentioned that “China represents 55% of customers and 66% of downloads,” also referring to the “XcodeGhost” malware. According to more internal Apple emails, about 18 million affected users were based in the US.

The company has had multiple internal discussions about warning affected developers and users, as you can read below:

“Due to the large number of customers potentially affected, do we want to send an email to all of them?” Matt Fischer, Apple’s vice president for the App Store, wrote.


“Just want to set expectations correctly here. We have a mass-request tool that will allow us to send the emails, however we are still testing to make sure that we can accurately include the names of the apps for each customer. There have been issues with this specific functionality in the past,” he wrote.

Several developers downloaded the infected Xcode because Apple’s servers were slow, so they looked for alternative download links. Even popular apps like Angry Birds 2 were affected. As soon as the malware was identified, Apple asked developers to immediately recompile their apps with a genuine version of Xcode.

Following this incident, Apple has reinforced both the security of the Xcode installation process and the malware scanning when submitting apps to the App Store. Earlier today, testimony from one of the heads of the App Store revealed more details about the iOS app review process as part of the trial.

Read also:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.