Apple's Enterprise Developer Program Also Being Used to Distribute Hacked Apps

Misuse of Apple's enterprise developer program certificates continues to make news, with a new report from Reuters outlining how software pirates have been using the program to distribute hacked versions of popular apps like Minecraft, Pokemon Go, Spotify, Angry Birds, and more.

Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.

The software pirates in turn make money by charging some users annual subscription fees for "VIP" versions of their hacked apps that are "more stable than the free versions."

After being alerted by Reuters to these developer accounts being used to distribute hacked apps, Apple removed a number of them, but more have since sprung up to take their place.

Revelations regarding abuse of Apple's enterprise developer program surfaced late last month, led by word that Facebook and Google were using the program to distribute market research apps to users that were capable of tracking all of their online activity in exchange for rewards.

Apple briefly revoked enterprise certificates for both companies, which had the side effect of temporarily disabling Facebook's and Google's internal apps including custom testing versions of their own public apps as well as private internal apps for corporate use such as transportation and food.

And just yesterday, additional abuse of Apple's enterprise program came to light in the form of apps featuring adult content and gambling that can not be distributed through the traditional App Store due to Apple's rules prohibiting or limiting those types of content.

Apple today announced that as of February 27, all developer accounts will require two-factor authentication to be turned on, a move that will help secure these accounts and limit their ability to be traded or sold amongst those seeking to skirt Apple's rules.

Top Rated Comments

(View all)
Avatar
15 months ago

Popular apps like...Angry Birds

What year is this, 2010??
Score: 15 Votes (Like | Disagree)
Avatar
15 months ago

In other words, Apple wants to close loopholes to bypass Apple App Store and services to guarantee their 30% cut even for legit apps like Kodi. This is equivalent to if Google was to reverse their current policy by removing legit apps like Kodi from Google Play Store then disabling side loading of apps.

Apple never allowed this sort of abuse. It was done nonetheless. Go use android , if you want to install your favorite malware.
Score: 15 Votes (Like | Disagree)
Avatar
15 months ago
People have been sideloading apps through this method for years. Apple is well aware of this. The fact that they are doing a massive crackdown now is probably because their revenue is increasingly dependant on the "services" category.

Perhaps Tim can quit exerting so much control over what I want on my phone. Why can't I have torrent clients? Why can't I set custom DNS?
Score: 9 Votes (Like | Disagree)
Avatar
15 months ago

In other words, Apple wants to close loopholes to bypass Apple App Store and services to guarantee their 30% cut even for legit apps like Kodi. This is equivalent to if Google was to reverse their current policy by removing legit apps like Kodi from Google Play Store then disabling side loading of apps.

THis isn’t a loophole. It’s people violating the developer agreement they entered into.
Score: 8 Votes (Like | Disagree)
Avatar
15 months ago
If I recall correctly, there have been numerous instances in the past were developers were caught violating the enterprise certificates TOS - and said developers certificates were summarily revoked. My guess is that these stories are now making headlines specifically because of the recent FB and Google fiasco; and thus suddenly people are digging more into how the enterprise certificates work.

To those who think Apple is cracking down more because they only want people to go the App Store, or because they want more revenue from services, etc. you obviously haven't been paying too much attention to Apple since, well, forever. Apple has NEVER allowed public Apps outside the App Store, such a concept was probably never even a glimmer in Jobs or Cooks eye. You can argue all you want about Apple to taking too big a cut (30% is arguably too much), or the pitfalls of Apple's walled garden, or your frustrations with it, etc. The bottom line is Apple has always revoked enterprise certificates when they've been misused, and Apple will ALWAYS require developers to release their apps on the App Store.

The fact that we're hearing more about this is, like I said above, probably because of the FB and Google fiasco. In addition, other developers may be abusing the enterprise certificates more because jailbreaking is no longer a viable option - so if you want to provide an App that does things against the App Store TOS, the only way to do so without a jailbreak is by abusing the enterprise certificate.

Finally, I have a pretty strong feeling Apple will be making some sweeping changes to the certificate program to prevent these types of abuses moving forward.
[doublepost=1550121551][/doublepost]

So apple is depending on honest devs to keep iOS users safe. Lol.

Really? That's your takeaway from this?

Apple doesn't allow public Apps outside of the App Store - the App Store is the first, best, line of defense against malicious apps and malware. Apple provides the developer program and enterprise certificate specifically for companies to create app for internal use only - whether for testing purposes or for intra-organization purposes were distributing via the App Store would be cumbersome. Apple can't stop Devs from violating the TOS before they actually violate them...but they can respond immediately once a violation comes to light.

Quite honestly, Apple can only protect it's user so much - if a user chooses to install an enterprise certificate and get an App that way, that's on the user, not Apple.
Score: 8 Votes (Like | Disagree)
Avatar
15 months ago

Not surprising news about these enterprise certificates. Not the first time that I recall that they have made news for going against some TOS.
[doublepost=1550119903][/doublepost]
So Apple cracking down is because of loss of revenue rather than adhering to a TOS. Interesting spin on that.

Apple has been revoking these certificates on a continuous basis throughout these years, it wasn't until recently that they issued massive ban waves. Perhaps you should read my full comment before embarrassing yourself. And yes, I am allowed to speculate.
Score: 7 Votes (Like | Disagree)

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...

Seemingly Unreleased Version of Logic Pro X With Live Loops Appears on Apple's Education Site [Updated]

Sunday March 29, 2020 7:23 am PDT by Hartley Charlton
Update: Apple has replaced the Logic Pro X image with an older version. Original story follows. A seemingly unreleased version of Logic Pro X has appeared on Apple's education site, as spotted by a Reddit user. The image from Apple's education products page shows a 16-inch MacBook Pro running Logic Pro X, but with a familiar interface that looks extremely similar to GarageBand's Live Loops ...

Bloomberg: Apple's 5G iPhone Still on Schedule for Fall Launch, But Future Products Could Be Delayed

Monday March 30, 2020 2:40 am PDT by Tim Hardwick
Apple's 5G iPhone is still on track to launch within the company's typical annual fall release schedule, according to a new Bloomberg report on filed on Monday. Signs are that Apple's Chinese-centric manufacturing -- of which Hon Hai is the linchpin -- is slowly getting back on track. The next iPhones with 5G wireless capabilities remain on schedule to launch in the fall, partly because mass...

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...

Apple Releases ProRes RAW Beta for Windows

Monday March 30, 2020 9:33 am PDT by Juli Clover
Apple today released ProRes RAW for Windows in a beta capacity (via Mark Gurman), with the software designed to allow ProRes RAW and ProRes RAW HQ video files to be watched in compatible applications on Windows machines. According to Apple, the software will let the files be played within several Adobe apps: Adobe After Effects (Beta) Adobe Media Encocder (Beta) Adobe Premiere...

2020 iPad Pro Teardown Provides Closer Look at LiDAR Scanner and Confirms Incremental Update

Saturday March 28, 2020 9:56 am PDT by Hartley Charlton
iFixit today shared a video teardown of the new iPad Pro, which Apple unveiled earlier this month. iFixit found that most of the internals of the 2020 iPad Pro are the same as the 2018 model, confirming that the device is a relatively incremental update. The most notable new feature seen inside the new iPad Pro was the LiDAR scanner, which measures the distance to surrounding objects up...

Apple Configurator 2 Updated With New Features, Including Support for Restoring Firmware on 2019 Mac Pro

Tuesday March 31, 2020 5:34 am PDT by Joe Rossignol
Apple Configurator 2 has been updated to version 2.12 with several improvements, including support for restoring firmware on the 2019 Mac Pro. The release notes:• Added support for restoring firmware on the 2019 Mac Pro • Allow access to websites using TLS 1.0 and 1.1 • VPN: Configure Provider Designated Requirement for Custom SSL connection type • VPN: Configure network options for ...

U.S. Government Using Mobile Ad Location Data to Track Compliance With Curbs on Movement

Monday March 30, 2020 4:48 am PDT by Tim Hardwick
The U.S. government is using smartphone location data from the mobile ad industry to track people's movements amid the coronavirus outbreak, according to a Wall Street Journal report. Local governments and the Centers for Disease Control and Prevention have received the anonymized data about people in areas of "geographic interest," with the aim being to create a portal of geolocation...