Turns out Apple’s Enterprise Certificate Program is hiding a multitude of sinful apps

by Surur
February 12, 2019

Turns out is not just Facebook and Google who are misusing Apple’s Enterprise Certificate Program to distribute apps which would not pass Apple’s App Store approval process.

Techcrunch has discovered that hundreds of companies are distributing pornography and gambling apps to members of the public using the certificate system designed for only internal use.

Many of the certificates were also fraudulently applied for using the name of legitimate companies, with TechCrunch reporting that the process of applying for the certificate only involved filling in a web form with some details of a legitimate company which could easily be acquired from a web search, paying $299 to Apple and answering a phone call a few weeks later.

Once a certificate was acquired it was often used by multiple unrelated publishers. Apps available to sideload from websites included Swag, PPAV, Banana Video, iPorn (iP), Pear, Poshow and AVBobo, RD Poker and RiverPoke, all of which violated Apple’s content policies.

Apple has said they would investigate the abuses, saying:

“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action.”

The news, however, underlines that the supposedly safe and secure iPhone ecosystem has a rather seedy underbelly which we have so far not really been aware of, and which undermines Apple’s push to sell the platform as a safe haven. Apple will clearly need to do a lot more policing to regain the moral high ground.

Read more on the investigation at TechCrunch here.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}