Apple has been infiltrated by software pirates who figured out a way to use digital certificates to gain access to an Apple program, which corporations use to distribute business apps, as a means of rolling out hacked versions of popular apps.
According to a report in Reuters, the software pirates – including TutuApp, Panda Helper, AppValley and TweakBox – are using the so-called enterprise developer certificates to provide versions of popular apps that don’t require consumers to view ads, pay fees or follow the rules. As the report noted, that is hurting Apple and the app maker’s revenue streams. The report noted that hacked versions of Spotify, Angry Birds, Pokémon Go, Minecraft and other apps are showing up in the App Store.
“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our developer program completely,” an Apple spokesperson told Reuters. “We are continuously evaluating the cases of misuse and are prepared to take immediate action.”
Shortly after Apple learned of the software pirates’ action, some were banned from the system – but just days later, Reuters spotted them using different certificates to offer the hacked apps again. While security experts said there is nothing that can prevent the companies from opening new accounts and doing it again, Apple is now requiring two-factor authentication, in which a user must provide both a password and a code that is sent to their phone to get access to developer accounts.
While Spotify didn’t comment on the Reuters report, it did say in February that new terms of service are aimed at users who create and make available tools that block advertisers.
The misuse of enterprise developer certificates by hackers has long been a concern of security experts, as they are at the heart of Apple’s program for corporate apps and let consumers install apps without Apple’s knowledge. The certificates are a digital key that communicates to the iPhone that software installed online is trusted. In January, Apple banned Facebook and Alphabet for a short period of time after using the certificates to distribute apps that gathered data, noted the report.