Apple faces challenges with pirate developers abusing enterprise certificates

Ruben Fields
February 15, 2019

A pirated version of Spotify blocks the ads that normally play when you listen with a free subscription, and an altered version of Minecraft can be played for free (it normally costs $7 in the App Store).

Enterprise developer certificates are being used to allow consumers to stream music without ads and to circumvent fees and rules in games, which deprives Apple and third-party software companies of potential revenue.

Apple, for its part, maintains that it will disable the enterprise certificates of companies found to be abusing them and remove offending distributors from the iOS Developer Program entirely if the situation calls for it.

Software pirates are distributing bootleg versions of Spotify, Angry Birds, Pokemon Go, and other popular apps available for iPhone, according to a new report by Reuters. On Twitter, the pirates have a combined 600,000+ followers. Apple can cancel a certificate should it find one that is being misused.

Numerous certificates were also fraudulently applied for using the names of legitimate companies. TechCrunch reported that the application process only involved filling in a web form with some details of a legitimate company, which could easily be acquired from a web search, paying $299 to Apple, and answering a phone call a few weeks later.

Some of the distributors have also been discovered using enterprise certificates that have been stolen from legitimate developers, making the issue even harder for Apple to police. For now, though, it's clear that enterprise certificates in their current state have a lot of potential for abuse, and that probably isn't something that can persist if Apple wants to keep its biggest app partners happy.

Soon after Facebook and Google were found abusing Apple's app policies, a new investigation revealed dozens of apps related to pornography and gambling.

Apple will begin to require two-factor authentication to log in to developer accounts, but it is unclear how this will prevent certificate misuse if the certificate was granted as a result of identity theft, the report said. Microsoft, the owner of Minecraft, declined to comment. Since these apps do not go through Apple's App Store screening, there is a higher chance they may contain malware or tracking software. However, the pirate distributors quickly sprang back using different certificates from other developer accounts. Sadly, it seems like this will ultimately make life more complicated for legitimate members of the Developer Enterprise program.
