Not just Facebook and Google: hardcore porn and real-money gambling apps openly abused Apple's 'Enterprise' program

Last week, news broke that Facebook and Google openly abused Apple's Enterprise Certificate program to get unprecedented access to iPhone users' private data. Facebook in particular used this loophole to gain root permissions, which allowed the company to mine data about anything and everything on an iPhone, including private photos and videos and Internet traffic, which the company likely used to gain a competitive advantage over its rivals.

Today, we learn that it was not just Facebook and Google: dozens and dozens of hardcore pornography and real-money gambling apps used the same loophole to circumvent the App Store and bring apps to iPhones that would never have passed Apple's own rules.

Porn apps like these continue abusing the Enterprise certificate to circumvent the App Store's rules

Apple has been openly critical of other companies' security breaches (rightly so), but has itself exercised poor control over its own Enterprise Certificate program, which has made all sorts of violations possible. The revelations come from a continued investigation by TechCrunch.

And here is how it worked:

Apple runs an Enterprise Certificate program, which was designed for companies to distribute internal apps to their employees and their employees only. The policy for this program explicitly says that "You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers." Apple, however, has failed to properly enforce its own rules.

Dozens and dozens of apps misused the Enterprise program

Two ways of exploiting the Enterprise program appear to be in use. The first relies on Apple's lax standard for accepting new businesses into the program: filling in an online form, paying a one-time $300 fee to Apple and telling a couple of lies on the phone is enough to register a new business that can then misuse its Enterprise Certificate to distribute forbidden applications to users. The second piggybacks on a legitimate certificate issued to a company. It's not clear exactly how, but developers are able to obtain 'rogue certificates' from a legitimate company to sign their forbidden apps and make them available to the public. Such certificate codes are then sold on various Chinese marketplaces, and up to a dozen different forbidden apps can piggyback on one legitimate certificate.
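As an added example (not from the article or from TechCrunch's investigation): the distribution channel an iOS app was signed for is recorded in the provisioning profile bundled inside it (embedded.mobileprovision, an XML plist wrapped in a CMS/PKCS#7 signature). The script below extracts that plist and flags apps carrying an enterprise profile from a Team ID the organisation does not own, which is the sideloading pattern described above; the profile bytes, Team ID and bundle ID are constructed placeholders.

```python
import plistlib
from datetime import datetime, timezone

# Constructed sample of an embedded.mobileprovision: in a real IPA the XML plist
# sits inside a CMS/PKCS#7 signature, so DER bytes surround it. Team ID and
# bundle ID are placeholders, not values from the article.
ENTERPRISE_PROFILE = b"\x30\x82\x04\x00cms-header-bytes" + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>TeamName</key><string>Example Corp (constructed)</string>
  <key>TeamIdentifier</key><array><string>TEAMID0000</string></array>
  <key>ProvisionsAllDevices</key><true/>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>TEAMID0000.com.example.helper</string>
  </dict>
</dict></plist>""" + b"cms-signature-bytes"

def extract_plist(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped mobileprovision blob."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify_profile(profile: dict) -> str:
    """Infer the distribution channel from the profile's keys."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"  # in-house cert: installs on any device, no App Store review
    if profile.get("ProvisionedDevices"):
        return "ad-hoc"      # restricted to the listed device UDIDs
    return "app-store"       # no device list and not all-devices

def triage(blob: bytes, allowed_teams=frozenset(), now=None) -> dict:
    """Summarise the profile and flag enterprise-signed apps from unknown teams."""
    p = extract_plist(blob)
    # plistlib returns naive UTC datetimes, so compare against a naive UTC "now".
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    team_ids = p.get("TeamIdentifier", [])
    kind = classify_profile(p)
    expiry = p.get("ExpirationDate")
    return {
        "type": kind,
        "team_id": team_ids[0] if team_ids else None,
        "app_id": p.get("Entitlements", {}).get("application-identifier"),
        "expired": expiry is not None and expiry < now,
        # An enterprise profile from a team the organisation does not own is the
        # sideloading pattern the article describes and should be reviewed.
        "flag": kind == "enterprise" and not any(t in allowed_teams for t in team_ids),
    }
```

Pass the organisation's own Team IDs as `allowed_teams` so that legitimately deployed in-house apps are not flagged.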

Some of these apps are not explicitly malicious and do not mine user data as aggressively as Facebook did with its Facebook Research VPN app, while some 'helper tool' apps would install tracking and adware code.

TechCrunch could easily install dozens of forbidden apps on an iPhone

Guardian Mobile Firewall security researcher Will Strafach said that all of this could easily have been prevented had there been stricter rules for registering a business under this program and proper auditing. "Given the rampant abuse, it seems Apple could easily add stronger verification processes and more check-ups to the Enterprise Certificate program. Developers should have to do more to prove their apps’ connection with the Certificate holder, and Apple should regularly audit certificates to see what kind of apps they’re powering."

Apple has already removed some of these malicious apps, but many others remain out in the wild. The company has not yet provided an official response to this and we'll update you as soon as there is one.

9 Comments

1. Gryffin

Posts: 19; Member since: Dec 19, 2018

Sounds similar to 3rd party apps on Android.

2. Ray.S

Posts: 432; Member since: Jul 19, 2011

Hahahaha, good one!

3. lyndon420

Posts: 6275; Member since: Jul 11, 2012

Where is the secure part of iOS again?

6. Leo_MC

Posts: 5914; Member since: Dec 02, 2011

“I am an Albanian virus; the developer has no money to create a threat, so please delete some files.” The user needs to install an app, then he needs to install AND authorize a certificate in order for things to happen. This works just like an Albanian virus ;).

9. sissy246

Posts: 6837; Member since: Mar 04, 2015

Hahahaha, good one. So much for "iOS is secure" lmao

4. osterrich21

Posts: 186; Member since: Apr 14, 2017

iOS is safe, huh? For the iSheeps.

5. osterrich21

Posts: 186; Member since: Apr 14, 2017

- "Siri, Pornhub, please" - "Yes, sir. Accessing Pornhub now. Good entertainment!"

7. KingSam

Posts: 1288; Member since: Mar 13, 2016

Now things like Gameboy emulators are out. There are genuinely useful ones but yes it is abused.

8. Man_Utd

Posts: 140; Member since: Feb 03, 2015

What happened to "What happens on your iPhone, stays on your iPhone"??? LOL I'm not surprised. Just pay Apple some money and you've got access. When are people going to realize, they don't care about you... they care about money.
