Apple faces challenges with pirate developers abusing enterprise certificates


Apple said that, to tackle the problem, it would require two-factor authentication - using a code sent to a phone as well as a password - to log into all developer accounts by the end of this month, which could help prevent certificate misuse.

Shady app marketplaces like TutuApp, Panda Helper, AppValley, and TweakBox make use of Apple's enterprise developer certificates to get around that.

Apple the enterprise certificates of both when the company became aware of the breach of its terms.

A by TechCrunch released just this week uncovered dozens of pornography and gambling apps - the type of software which would never make it into the official App Store - being distributed through Apple's enterprise developer program.


Pirates reportedly managed to get altered versions of popular apps onto the App Store. Both companies were found to be using enterprise developer certificates to install powerful traffic analysis apps on the phones of volunteer customers. An investigation by Reuters found illegitimate versions of apps such as Spotify, Angry Birds, Pokemon Go, and Minecraft have been distributed away from the App Store.

The pirates generate revenue by offering a cheap yearly "VIP" subscription, which claims to offer more stable versions of all its pirated iPhone apps.

"Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely", an Apple spokesperson told Reuters.

The modified versions of the apps allow iPhone users to avoid adverts, fees, and game rules. Pokemon Go developers Niantic have a three-strike discipline policy to address users caught cheating in the game.

There's no easy way to confirm how much money these distributors are making, nor how much money legitimate developers are losing, but there's clearly enough to make it worth it for the pirate companies to keep at it. Apple's efforts to make jailbreaking harder and less worthwhile have likely resulted in that aspect of the piracy market drying up, forcing these companies to look for other ways to get their apps onto users' devices. However, they can cancel the certificates if they find them.

Apple didn't clarify how these apps slipped under the radar, whether it conducts routine compliance audits on developers in the program, or if it plans to change its enrollment process.
