Unfortunately, I installed some of the apps mentioned on this list, and confirmed that the versions I have are still compromised by XcodeGhost: http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
Of course, I have immediately removed them. But what I am concerned about is whether they have managed to hide the virus anywhere else in the system? The article doesn't explicitly address this, but did the virus manage to break out of iOS sandboxing?
Also, relatedly, does anyone know if the infected apps collected anything else besides those already reported by Palto Alto Networks?, e.g. texts, contact info, etc?
Current time Current infected app’s name The app’s bundle identifier
Current device’s name and type Current system’s language and country
Current device’s UUID Network type
It's already been reported here that the malware phishes for iCloud passwords: http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
Best Answer
Since you aren't asking about OSX (that should be a separate question), I'll focus on the iOS ramifications. The apps created by the malicious Xcode installer can be cleaned up by deleting the apps.
The iOS sandbox wasn't compromised, just that the app review team didn't notice the bad behavior of the app.
What you did by running an "infected iOS app" was let the villains know your device UDID and probably the IP address your device had when it ran the app and self-reported.
There's no reporting to say that the iOS sandbox was compromised, so no emails, no texts, no passwords were compromised.
Apple has released confirmation that the code could not compromise iCloud and didn't leak anything except for the most general "an anonymous phone ran this app ping" which would needs lots of corroborating information to be a risk to anyone unless there were many extenuating circumstances.
See https://archive.is/PWqMV (Archived copy of dead link https://www.apple.com/cn/xcodeghost/#english) for the full statement from Apple that includes a list of the affected apps.
(Well, a list of 25 of > 4000 affected apps, and the obviously false statement, given that the link is now dead, "We will update this page with more information as it becomes available.")