Apple Developer Program Co-opted to Install Pirated iPhone Apps

Apple Developer Program Co-opted to Install Pirated iPhone Apps

Apple has traditionally kept is smartphones locked down to prevent unauthorized app installs, but there is a program that helps companies test and distribute non-public apps. It appears that some clever and unscrupulous folks on the internet have co-opted that technology to provide hacked and pirated apps. Apple, understandably, is not pleased.

When using an iOS device, you can usually only download apps from the App Store. Some users resort to complicated and dangerous hacks to “jailbreak” phones to unlock more capabilities, but that’s harder than it used to be. Shady app marketplaces like TutuApp, Panda Helper, AppValley, and TweakBox make use of Apple’s enterprise developer certificates to get around that.

If that sounds familiar, it’s because Apple’s certificate program was in the spotlight recently thanks to Facebook and Google. Both companies were found to be using enterprise developer certificates to install powerful traffic analysis apps on the phones of volunteer customers. This was a violation of Apple’s policies, so both companies had to end the practice. That prompted Reuters to look for other evidence of misuse, which it found in the above app repositories.

All the above app providers advertise the availability of paid apps and games for free, as well as hacked/modded content. iDevice users are invited to install the store’s certificate, which allows the client to push apps outside the App Store. A stolen version of Minecraft or Facetune would never pass muster in the App Store, but TweakBox or Panda Helper can do whatever they want in their own little ecosystem. The stores also offer free-to-play and ad-supported content with mods that strip out the monetization.

Apple Developer Program Co-opted to Install Pirated iPhone Apps

Many of these underground app marketplaces have their own ads to make money, and a few offer paid subscriptions with access to exclusive hacked content and other perks. All of them are siphoning off money from Apple and independent developers, though.

Apple can’t control what developers do with the enterprise certificates, but it can revoke them. That’s what it did (briefly) with Facebook and Google when they were caught misusing the program. When reached for comment, Apple said it’s ready to take immediate action. Canceling a certificate immediately suspends all apps installed via that certificate. At least one of the app provides cited in the Reuters report has already gone offline.

Even if you don’t care about the ethical angle, giving any of these services access to your device is a bad idea from a security standpoint. There’s no telling what’s lurking in these hacked apps.

Continue reading

New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove
New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove

Intel has released a bit more information about Rocket Lake and its 10nm CPU that's been back-ported to 14nm.

ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market
ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market

ARM took another step towards challenging x86 in its own right with the debut of the Cortex-A78C this week. The new chip packs up to eight "big" CPU cores and up to an 8MB L3 cache.

The Xbox Series S Is Handicapped by Its Storage Capacity
The Xbox Series S Is Handicapped by Its Storage Capacity

The Xbox Series S has been favorably received, for the most part, but the console's low base storage makes the Xbox Series X a better value for a lot of people.

In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip
In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip

Apple saw huge success the last time it switched architectures to Intel, but this time? The jury's still out, but one thing is certain: Apple is about to make a lot more money.