Connect with us

Apps

App pirates are gaming Apple’s Developer program to distribute hacked versions of apps

If Apple can’t police this, things are more in shambles than it previously looked.

apple iphone with ios 13 apps on screen
Image: Unsplash

It’s not been a great few weeks for Apple and its Developer program. First was the big revelation that Facebook was using the internal-use-only certificates to distribute apps outside of the App Store. The kicker? That one of the apps was paying teens $20 a month to harvest their data. Following that initial report, Google was outed as also using the Developer program to distribute another research app. Apple’s response was to yank the developer certs for both companies temporarily, causing chaos internally at Facebook as their internal iOS apps all stopped working.

The upshot of this is that either Apple knew about the flagrant misuse of the Developer program and did nothing due to the size of the companies involved, or it doesn’t police its own programs at all and was blissfully unaware of the policy violations.

Now, there are new reports that suggest the latter is correct. Reuters reported that app pirates have been abusing Apple’s enterprise developer certificates to redistribute hacked versions of popular iOS apps such as Angry Birds, Minecraft, and Spotify.

Distributors of hacked iOS apps like TutuApp, AppValley, and Panda Helper have hacked, free versions of the popular apps on their services, including versions of Spotify hacked to be ad-free, and a Pokemon Go app tweaked to enable cheating. All of these distributors are skipping the App Store by using the enterprise certs to self-sign the pirated apps.

The Pirates also offer yearly “VIP” memberships to raise money, which claims to offer more stable versions of all its hacked iOS apps. Reuters was able to find out that some of the illicit storefronts impersonated a legit business to get the enterprise certifications, with seemingly no checks done at the time of application.

That’s not all

Meanwhile, TechCrunch has another hard-hitting expose, this time it is developers of porn and gambling apps misusing the enterprise developer certifications to distribute their seedy content, which has been banned from the App Store completely.

If Apple has no way to automatically track which apps the certificates that it hands out with the enterprise program end up in, then it should be manually vetting the companies that sign up to the program. Taking action after the fact, once media attention is focused on them is an abdication of duty. Apple has stringent rules for developers on its platforms and the responsibility for policing those should be on Apple, not on journalists or the general public.

What do you think? How should Apple address these issues? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Apps