More 'Enterprise' trouble for Apple, as hackers are found freely distributing pirated iOS apps
While Google is working hard and purportedly making great progress in fighting malicious Android apps, Apple faces increasing public scrutiny and wide criticism from security experts for catastrophic iOS bugs, zero-day vulnerabilities, and weak protection against a newly discovered breach of its Developer Enterprise Program rules.

Believe it or not, there's more to the Enterprise Certificate abuse story than Facebook and Google's user privacy intrusions and all those illegal hardcore porn and gambling apps running wild on iPhones around the world without proper authorization. As uncovered by Reuters, similar violations of the Apple Developer Enterprise Program Agreement have made it possible for hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft, and "other popular" iOS apps to be distributed freely outside of Apple's official marketplace.

Unlike Android devices, iPhones would typically block attempts to install apps from sketchy, unverified sources. But a group of "illicit software distributors" including "companies" like TutuApp, Panda Helper, AppValley, and TweakBox have been caught wrongfully using enterprise developer certificates to bypass App Store verification. 

Basically, these hacking outfits are posing as legitimate businesses distributing enterprise software to employees when in fact they offer consumers illegitimate ways to stream music for free or dodge installation fees and in-app purchases as far as popular games are concerned. Technically, that doesn't make their pirated Spotify or Minecraft clones malware, but obviously, both Apple and the companies behind the authentic apps being hacked stand to lose quite a bit of money.

Right now, it's impossible to know how long this operation has been going on or to estimate the revenues lost by Apple and its partners. But Reuters claims the pirate distributors have over 600,000 Twitter followers, suggesting a pretty massive user base. These users are charged subscription fees of their own, mind you, in exchange for so-called "VIP" packages of hacked apps, often promoted as more stable than free versions.

For its part, Apple is trying to crack down on these unlawful practices, but given the extent of the pirate networks, that's not easy. For every developer account ban, several others are created or activated by various members of different teams, which are then able to obtain new digital certificates in the name of seemingly legit companies.

9 Comments

1. blingblingthing

Posts: 897; Member since: Oct 23, 2012

Again, I hope no one fell for the "iOS is completely secure" fallacy. Smartphones are complex devices; intrusion is only a matter of time.

2. osterrich21

Posts: 186; Member since: Apr 14, 2017

iOS: every day, a different bug...

3. adecvat

Posts: 626; Member since: Nov 15, 2013

What bug?

5. nepalisherpa

Posts: 334; Member since: Jul 17, 2015

Sideloading apps is a bug?

4. lyndon420

Posts: 6518; Member since: Jul 11, 2012

I didn't know such a thing was possible with iOS.

6. IT-Engineer

Posts: 523; Member since: Feb 26, 2015

You only need a certificate

8. civicsr2cool

Posts: 257; Member since: Oct 19, 2016

That's because Android fanboys are full of opinions about phones they have never touched. You can sideload any app you want with Cydia Impactor.

7. clarity

Posts: 49; Member since: Jun 19, 2017

It's been happening for the last few years; Apple knows about it and does nothing about it. Of course news outlets make this a *huge* deal when in reality, it's not. Basically everyone uses this, how come you guys only found out about this now?!?!

9. civicsr2cool

Posts: 257; Member since: Oct 19, 2016

AppValley is offline right now... I really, really hope this isn't a trend. The only reason I love iOS over Android is the easy YouTube++, Spotify++, and PokeGo++ apps!
