Image: Carles Rabada
Apple’s Enterprise Developer Program has been making headlines recently, most notably with both Facebook and Google deploying “research” apps that violate Apple’s Privacy agreement. Now, Apple has begun cracking down on “pirates” within the program who deploy “hacked” versions of popular apps like ad-free Spotify, Pokémon Go, and more.
Last month, we reported that Apple briefly blocked Facebook from running internal iOS apps by revoking its enterprise developer license. Apple learned that Facebook was paying users, as young as 13, to download a “research” app to their iPhone’s through the enterprise program. Facebook gathered tons of private information and mobile data but did not disclose an exact number.
Apple later briefly revoked Google’s license after they reportedly gathered user data from its “Screenwise Meter” app.
Both companies distributed market “research” apps capable of tracking users’ online activity in exchange for rewards.
As reported first by Reuters, “software pirates have hijacked technology designed by Apple Inc to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones.”
Furthermore, Reuters stated “TutuApp, Panda Helper, AppValley and TweakBox” as “pirates” who used digital certificates given to them through the program to exploit it.
According to MacRumors, “The software pirates, in turn, make money by charging some users annual subscription fees for “VIP” versions of their hacked apps that are more stable than the free versions.”
MacRumors also said, “using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.”
A large part of the issue is Apple provides a tool to look up an organization’s D-U-N-S ID number, which hackers can use to act as a representative of the company. Furthermore, Googling a business’ address details can dupe the system into believing they’re a legitimate representative.
After being alerted by Reuters, Apple immediately took action and terminated developers account who was in violation of their privacy agreement. Despite Apple enforcing account terminations, more pirate accounts have appeared.
In another blow to the program, earlier this week, Techcrunch reported that dozens of Adult Content and Gambling Apps were being deployed through the program, which is a clear breach of the App Store’s guidelines.
Apple to Reuters, “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked to protect our users and their data.”
Moving forward, Apple will need to perform regular audits of its developer program similar to the App Store, something it has failed to do.
Apple now requires two-factor authentication on all developer accounts to help cease exploits.