News > Phones Apple Brass Reportedly Hushed Up iPhone Hack Millions of phones affected By Sascha Brodsky Sascha Brodsky Senior Tech Reporter Macalester College Columbia University Sascha Brodsky is a freelance journalist based in New York City. His writing has appeared in The Atlantic, the Guardian, the Los Angeles Times and many other publications. lifewire's editorial guidelines Updated on May 12, 2021 10:20AM EDT Fact checked by Rich Scherr Fact checked by Rich Scherr University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Phones Mobile Phones Internet & Security Computers & Tablets Smart Life Tech Leaders Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Women in Gaming Trending Videos Close this video player Apple executives didn’t tell users about a 2015 hack of 128 million iPhones, according to a new report. The hack was first uncovered when Apple employees started looking into malicious App Store apps, according to Ars Technica. Eventually, the company found 2,500 malicious apps that had been downloaded 203 million times. News that Apple knew of the hacking came recently during Epic Games’ ongoing lawsuit. An email entered into court shows that managers were aware of the problem. "...Due to the large number of customers potentially affected, do we want to send an email to all of them?" Matthew Fischer, vice president of the App Store, wrote in the email. However, the hacks were never made public by Apple. The malicious apps were developed using a counterfeit copy of Apple’s iOS and OS X app development tool, Xcode. The fake software put harmful code alongside normal app functions. Once the code was installed, the iPhones slipped out of the control of their owners. The iPhones communicated with a remote server and revealed device information, including the infected app’s name, the app-bundle identifier, network information, the device’s "identifier for vendor" details, and the device name, type, and unique identifier, Ars Technica reported. Observers were critical of Apple’s decision not to inform users about the hack. Seems they feared public outrage and backlash more than standing up and telling customers about the potential risks involved. "The key here for Apple is to clearly outline the impact to the end-user and not just send out a technical alert and update that is embedded in their release notes," Setu Kulkarni, a vice president at cybersecurity firm WhiteHat Security, said in an email interview. The hacks highlight potential security problems with apps, Dirk Schrader, a vice president at cybersecurity firm New Net Technologies, said in an email interview. "Both large app stores, Google’s Play Store, as well as Apple’s, are essentially a large malware distribution platform if not managed well," he added. "That email, and Apple’s decision not to inform customers and the public, demonstrates what that means. Seems they feared public outrage and backlash more than standing up and telling customers about the potential risks involved." Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit