Hackers used Apple tech to put malicious apps on iPhones

Doris Richards
February 15, 2019

All the above app providers advertise the availability of paid apps and games for free, as well as hacked/modded content. iDevice users are invited to install the store's certificate, which allows the client to push apps outside the App Store.

Apple the enterprise certificates of both when the company became aware of the breach of its terms.

A by Techcrunch released just this week uncovered dozens of pornography and gambling apps - the type of software which would never make it into the official App Store - being distributed through Apple's enterprise developer program.

The report notes that the issue begins with Apple's lax requirements for accepting companies into its enterprise program, which is exclusively meant for corporations to permit staff to aspect-load apps for inside use. Reuters discovered that many of these pirated app distributors impersonated a subsidiary of China Mobile Ltd, a Chinese state-owned telecom company. Unfortunately, software pirates can easily find a new certificate to use if their old one is compromised.

According to Reuters, Apple is not able to track the fraudulent spread of certificates or hacked apps but can cancel a certificate if they find it has been misused.

The distributors of pirated apps are using certificates obtained in the name of legitimate businesses.

Believe it or not, there's more to the Enterprise Certificate abuse story than Facebook and Google's user privacy intrusions and all those illegal hardcore porn and gambling apps running wild on iPhones around the world without proper authorization.

Its unclear exactly how much revenue these pirated software services have generated or exactly how much this has affected the developers behind the legitimate versions of the hacked apps.

Apple says that two-factor authentication for developer accounts should be live by the end of the month, so we'll see soon enough if it helps stop the distribution of hacked apps like Spotify and Minecraft. Spotify (which is cracking down on ad blockers) declined comment, while none of the others immediately responded to the request. Security researchers have long warned about the misuse of enterprise developer certificates, which act as digital keys that tell an iPhone a piece of software downloaded from the Internet can be trusted and opened.

Naturally, this is a big problem for both the creators of these apps and Apple, as it means they miss out on revenue.

Other reports by Iphone Fresh

Discuss This Article