More 'Enterprise' trouble for Apple, as hackers are found freely distributing pirated iOS apps
While Google is working hard and purportedly making great progress in fighting malicious Android apps, Apple faces increasing public scrutiny and wide criticism from security experts for catastrophic iOS bugs, zero-day vulnerabilities, and weak protection against a newly discovered breach of its Developer Enterprise Program rules.
Believe it or not, there's more to the Enterprise Certificate abuse story than Facebook and Google's user privacy intrusions and all those illegal hardcore porn and gambling apps running wild on iPhones around the world without proper authorization. As uncovered by Reuters, similar violations of the Apple Developer Enterprise Program Agreement have made it possible for hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft, and "other popular" iOS apps to be distributed freely outside of Apple's official marketplace.
Unlike Android devices, iPhones would typically block attempts to install apps from sketchy, unverified sources. But a group of "illicit software distributors" including "companies" like TutuApp, Panda Helper, AppValley, and TweakBox have been caught wrongfully using enterprise developer certificates to bypass App Store verification.
Basically, these hacking outfits are posing as legitimate businesses distributing enterprise software to employees when in fact they offer consumers illegitimate ways to stream music for free or dodge installation fees and in-app purchases as far as popular games are concerned. Technically, that doesn't make their pirated Spotify or Minecraft clones malware, but obviously, both Apple and the companies behind the authentic apps being hacked stand to lose quite a bit of money.
Right now, it's impossible to know how long this operation has been going on for or estimate the revenues lost by Apple and its partners. But Reuters claims the pirate distributors have over 600,000 Twitter followers, suggesting a pretty massive user base. These users are charged subscription fees of their own, mind you, in exchange for so-called "VIP" packages of hacked apps, often promoted as more stable than free versions.
For its part, Apple is trying to crack down on these unlawful practices, but given the extent of the pirate networks, that's not easy. For every developer account ban, several others are created or activated by various members of different teams, which are then able to obtain new digital certificates in the name of seemingly legit companies.