Your iPhone security may have been breached, but Apple decided not tell anyone

San Francisco, California - Your device might have been among the 128 million iPhones infected by one of over 4,000 malicious apps – it's hard to know for sure, because Apple wanted this huge security breach to be their little iSecret.

Apple CEO Tim Cook during the Fall 2020 Apple launch event.
Apple CEO Tim Cook during the Fall 2020 Apple launch event.  © IMAGO/ZUMA Wire

In what is turning out to be the most significant tech trial of the decade, Epic Games, creators of Fortnite, is suing Apple over the way it runs its App Store.

The tech giant is being accused of running a monopoly by not allowing competing app stores to use the iOS platform, and also blocking third-party payment systems.

Expert witnesses from across the gaming and tech industries are providing insights into how platforms make money, as well as how they are flawed.

But some of the evidence entered on behalf of Epic Games seems to have uncovered a completely separate scandal. As first reported by Wired, A series of damning emails indicate Apple knew about more than 4,000 malicious apps infecting iPhones worldwide and chose not to do anything about it.

iPhone security – or the lack thereof – is an evolving science, as each day presents a new method for exploiting weaknesses in their programming. The email in question reveals that on September 21, 2015, Apple managers discovered 2,500 malicious apps, and then thousands more that had already been downloaded more than 203 million times by 128 million users worldwide, 18 million of whom were in the US.

The apps were problematic because they forced iPhones to provide identifying information to a central server. Each infected device then was part of a "botnet", essentially a piece of zombie tech, under the control of that central server to a certain degree.

What's worse, these apps came from verified developers, who accidentally created them using a counterfeit coding tool that was pitched as being much faster to use.

The fix was incredibly simple – but

More than 4,000 apps were created with infectious code that ended up on 128 million iPhones worldwide in 2015.
More than 4,000 apps were created with infectious code that ended up on 128 million iPhones worldwide in 2015.  © 123RF/tashka2000

The redacted internal messages show that Apple actually outlined a course of action, which would have been to notify users around the world to simply update to a safer version of whatever app they had downloaded.

However, it seems that the process of translating the notification emails into languages matching the App Stores they were downloaded from, as well as figuring out exactly which apps to include in each individual warning.

Ultimately, there was no evidence on Apple servers to prove anything was ever done to help the iPhone users. Not a single email was sent detailing the problem or the cure. Apple merely notified developers and shared a shortlist of the most important affected apps on a website in just Chinese and English. But who would think to look?

The trial is ongoing, and public evidence entered into the trial, including opening statements, the email evidence, and more can be found here.

It's going to take more than releasing a purple iPhone to fix this.

Cover photo: IMAGO/ZUMA Wire

More on Tech: