App pirates are gaming Apple’s Developer program to distribute hacked versions of apps
If Apple can’t police this, things are more in shambles than they previously looked.
It’s not been a great few weeks for Apple and its Developer program. First was the big revelation that Facebook was using the internal-use-only certificates to distribute apps outside of the App Store. The kicker? That one of the apps was paying teens $20 a month to harvest their data. Following that initial report, Google was outed as also using the Developer program to distribute another research app. Apple’s response was to yank the developer certs for both companies temporarily, causing chaos internally at Facebook as their internal iOS apps all stopped working.
The upshot of this is that either Apple knew about the flagrant misuse of the Developer program and did nothing due to the size of the companies involved, or it doesn’t police its own programs at all and was blissfully unaware of the policy violations.
Now, there are new reports that suggest the latter is correct. Reuters reported that app pirates have been abusing Apple’s enterprise developer certificates to redistribute hacked versions of popular iOS apps such as Angry Birds, Minecraft, and Spotify.
Distributors of hacked iOS apps like TutuApp, AppValley, and Panda Helper have hacked, free versions of the popular apps on their services, including versions of Spotify hacked to be ad-free, and a Pokemon Go app tweaked to enable cheating. All of these distributors are skipping the App Store by using the enterprise certs to self-sign the pirated apps.
The pirates also offer yearly “VIP” memberships to raise money, which they claim offer more stable versions of all their hacked iOS apps. Reuters was able to find out that some of the illicit storefronts impersonated a legit business to get the enterprise certificates, with seemingly no checks done at the time of application.
That’s not all
Meanwhile, TechCrunch has another hard-hitting exposé: this time, developers of porn and gambling apps are misusing enterprise developer certificates to distribute their seedy content, which has been banned from the App Store completely.
If Apple has no way to automatically track which apps end up signed with the certificates it hands out under the enterprise program, then it should be manually vetting the companies that sign up to the program. Taking action after the fact, once media attention is focused on them, is an abdication of duty. Apple has stringent rules for developers on its platforms, and the responsibility for policing those should be on Apple, not on journalists or the general public.