Stefan Mileschin

Distributing hacked versions of popular apps

Software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found a simple way to distribute pirated iPhone apps without using Apple’s app store.

The trick is to use enterprise developer certificates, and these pirate operations are providing modified versions of popular apps to consumers.

This means that they can stream music without ads and circumvent fees and rules in games. It also means that the app makers don’t get paid and neither does Jobs’ Mob.

Reuters, which discovered the hack, was incandescent with horror that the pirates were violating the sacred and holy rules of Apple’s developer programmes which only allow apps to be distributed to the general public through the App Store.

“Downloading modified versions violates the terms of service of almost all major apps”, Reuters snuffled.

Apparently Apple had no way of tracking the real-time distribution of these certificates, or the spread of improperly modified apps on its phones.

All it can do is cancel the certificates if it finds misuse.

However all the pirates need to do was use different certificates, who would have thunk it?

Apple said to tackle the problem it would require two-factor authentication - using a code sent to a phone as well as a password - to log into all developer accounts by the end of this month, which could help prevent certificate misuse.

Security researchers have long warned that enterprise developer certificates were a weak link in Apple’s security.

https://fudzilla.com/news/mobile/481...apple-security