Apple's Enterprise Developer Program Also Being Used to Distribute Hacked Apps
Misuse of Apple's enterprise developer program certificates continues to make news, with a new report from Reuters outlining how software pirates have been using the program to distribute hacked versions of popular apps like Minecraft, Pokemon Go, Spotify, Angry Birds, and more.
Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.
The software pirates in turn make money by charging some users annual subscription fees for "VIP" versions of their hacked apps that are "more stable than the free versions."
After being alerted by Reuters to these developer accounts being used to distribute hacked apps, Apple removed a number of them, but more have since sprung up to take their place.
Revelations regarding abuse of Apple's enterprise developer program surfaced late last month, led by word that Facebook and Google were using the program to distribute market research apps to users that were capable of tracking all of their online activity in exchange for rewards.
Apple briefly revoked enterprise certificates for both companies, which had the side effect of temporarily disabling Facebook's and Google's internal apps including custom testing versions of their own public apps as well as private internal apps for corporate use such as transportation and food.
And just yesterday, additional abuse of Apple's enterprise program came to light in the form of apps featuring adult content and gambling that can not be distributed through the traditional App Store due to Apple's rules prohibiting or limiting those types of content.
Apple today announced that as of February 27, all developer accounts will require two-factor authentication to be turned on, a move that will help secure these accounts and limit their ability to be traded or sold amongst those seeking to skirt Apple's rules.
Popular Stories
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
Top Rated Comments
Perhaps Tim can quit exerting so much control over what I want on my phone. Why can't I have torrent clients? Why can't I set custom DNS?
To those who think Apple is cracking down more because they only want people to go the App Store, or because they want more revenue from services, etc. you obviously haven't been paying too much attention to Apple since, well, forever. Apple has NEVER allowed public Apps outside the App Store, such a concept was probably never even a glimmer in Jobs or Cooks eye. You can argue all you want about Apple to taking too big a cut (30% is arguably too much), or the pitfalls of Apple's walled garden, or your frustrations with it, etc. The bottom line is Apple has always revoked enterprise certificates when they've been misused, and Apple will ALWAYS require developers to release their apps on the App Store.
The fact that we're hearing more about this is, like I said above, probably because of the FB and Google fiasco. In addition, other developers may be abusing the enterprise certificates more because jailbreaking is no longer a viable option - so if you want to provide an App that does things against the App Store TOS, the only way to do so without a jailbreak is by abusing the enterprise certificate.
Finally, I have a pretty strong feeling Apple will be making some sweeping changes to the certificate program to prevent these types of abuses moving forward.
[doublepost=1550121551][/doublepost]Really? That's your takeaway from this?
Apple doesn't allow public Apps outside of the App Store - the App Store is the first, best, line of defense against malicious apps and malware. Apple provides the developer program and enterprise certificate specifically for companies to create app for internal use only - whether for testing purposes or for intra-organization purposes were distributing via the App Store would be cumbersome. Apple can't stop Devs from violating the TOS before they actually violate them...but they can respond immediately once a violation comes to light.
Quite honestly, Apple can only protect it's user so much - if a user chooses to install an enterprise certificate and get an App that way, that's on the user, not Apple.