Apple’s App Store has become the iPhone’s first line of defense against malware, adware, or otherwise scammy software, but it isn’t airtight. Earlier this year, Apple weathered a string of scandals around enterprise certificates, which allow companies to sidestep the App Store when deploying software to internal employees. In theory, it’s a useful tool for corporate software deployment, but reporting showed the certificates were being used to sidestep App Store bans on spyware, gambling, and other questionable kinds of software.

Now, Apple is taking steps to control those certificates a lot more closely, according to new documentation made public by iOS developer Steve Moser in advance of WWDC. The new “Terms and Conditions” for developers partnering with the App Store will face much more proactive vetting, including individual review of apps deployed under the certificate. If Apple finds a particular app is not an appropriate use, the developer will be required to withdraw the app on request.

“You understand and agree that Apple reserves the right to review and approve or reject any internal use application that you would like to deploy … at any time during the term of this agreement,” reads a new section in the Terms & Conditions for the App Store. “If requested by Apple, you agree to fully cooperate with Apple and promptly provide such internal use application to Apple for such review.”

Previously, Apple kept strict control over enterprise certificates, but had little visibility into the apps they were used to deploy. When a particular company did step over the line — most prominently, when Facebook and Google used their certificate to collect detailed data from select users — Apple’s only recourse was to revoke their enterprise certificate, often taking down dozens of apps at once. It’s unclear how aggressively Apple will use its new powers, but it’s the most concrete response to enterprise deployments that we’ve seen so far.