Apple execs chose to keep quiet about compromise of 128 million iPhones
In September 2015, Apple managers faced a dilemma: should 128 million iPhone users be notified of the worst iOS compromise ever? In the end, all the evidence shows that they chose to remain silent.
The large-scale hack came to light when researchers found 40 malicious App Store apps, a number that soared to 4,000 as more and more researchers looked around. These apps contained code that made iPhones and iPads part of a botnet that stole potentially sensitive user information.
An email entered into court last week in Epic Games' lawsuit against Apple shows that, on the afternoon of September 21, 2015, Apple managers had discovered 2,500 malicious apps. These apps had been downloaded 203 million times by 128 million users, 18 million of whom were in the United States.
“Joz, Tom and Christine, due to the potential large number of customers, are we going to send emails to all customers?” wrote App Store Vice President Matthew Fischer, referring to Apple Senior Vice President of Worldwide Marketing Greg Joswiak and Apple public relations staff Tom Neumayr and Christine Monaghan. The email continued:
If so, Dale Bagwell of our customer experience team will manage this for us. Please note that this will bring some challenges in the language localization of emails, as these apps were downloaded in various App Store storefronts around the world (for example, we don’t want to send English emails to customers who downloaded one or more of these apps from the Brazilian App Store, where Brazilian Portuguese would be the more appropriate language).
About 10 hours later, Bagwell discussed informing all 128 million affected users, localizing the notice into the language of each user and “accurately includ[ing] the application name for each customer.”
Alas, all signs indicate that Apple never followed through on its plan. An Apple representative had no evidence that such an email was ever sent. Statements the representative sent on background, meaning I am not allowed to quote them, said that Apple instead published only a now-deleted post.
The post provided very general information about the malicious app activity and ended up listing only the top 25 most-downloaded apps. “If the user uses one of these applications, the affected application should be updated, which will resolve the issue on the user’s device,” the post said. “If the application is available on [the] App Store, it has been updated; if it is not available, it should be updated soon.”
The infections resulted from legitimate developers building their apps with a counterfeit copy of Xcode, Apple’s iOS and OS X application development tool. The repackaged tool, called XcodeGhost, secretly inserted malicious code alongside the normal application functions.
From there, the apps caused iPhones to report to a command-and-control server and provide a variety of device information, including the name of the infected application, the application bundle identifier, network information, the device’s “identifierForVendor” details, and the device name, type, and unique identifier.
XcodeGhost billed itself as faster to download in China than the Xcode provided by Apple. To run the counterfeit version, developers would have had to click through a warning issued by Gatekeeper, the macOS security feature that requires applications to be digitally signed by a known developer.
The lack of follow-through is disappointing. Apple has long made the security of the devices it sells a priority. It has also made privacy a centerpiece of its products. Directly notifying the people affected by this lapse would have been the right thing to do. We already knew that Google usually does not notify users when they download malicious Android apps or Chrome extensions. Now we know that Apple has done the same thing.
The email was not the only one showing Apple executives working through security issues. A separate one, sent to Apple Fellow Phil Schiller and others, forwarded a 2013 Ars article titled “The seemingly benign ‘Jekyll’ app passed Apple reviews and then became ‘evil.’”