iOS pirates are using Apple's developer certificates to share hacked apps
Pirates are distributing modified versions of apps such as Spotify and 'Minecraft'.
Just days after it was revealed that dozens of gambling and pornographic apps have been abusing enterprise certificates to distribute apps outside of Apple's app store, Reuters has found that software pirates have been using the same process to distribute hacked versions of popular apps such as Spotify, Minecraft and Pokemon Go. The apps have been modified to block in-app advertising and make paid-for features available for free.
The illicit software distributors, which include TutuApp, Panda Helper and AppValley, are able to provide these hacked apps -- which are otherwise tightly controlled within Apple's App Store ecosystem -- by using enterprise developer certificates which act as digital keys that tell an iPhone if a piece of software can be trusted and opened. According to TechCrunch, these certificates are relatively easy to obtain and cost a one-off payment of $299. Distributors make money by charging a small yearly fee -- around $13 -- for access to "VIP" versions of their services.
Apple initially banned some of the pirates, but within days they were operational again having simply obtained another certificate. Apple says it's now working on implementing two-factor authentication -- a code sent to a phone as well as a password -- to log into developers accounts, which should be in place by the end of the month. It's not clear how much revenue these apps have siphoned away from the App Store and genuine app providers, nor how much these pirates have made from their activity, but Reuters reports that these distributors combined have more than 600,000 followers on Twitter, so it's safe to assume there are significant figures at play.
