Normally if you want pirated apps on your mobile phone you look at Android. Not only because someone will try to upload something pirated on Play Store and Google will just not care for a long period of time, but on Android you can actually install anything you want anytime and from anywhere. But that was not the case of iOS as the guys from Apple have been doing a good enough job to keep pirated apps under control, until now at least.
It is certainly not a good thing for those who want a pirate free software marketplace, but it is for sure very interesting. For some time now Apple allows developers to use their distribution platform to publish iOS apps that are meant for internal use within a company. These apps are validated using an enterprise grade certificate, and these certificates are not under Apple’s strict control. Due to this, the enterprise certificates have been used for other types of iOS apps most of these apps being pirated apps.
As a consequence, App Store has been hosting for a while pirated iOS apps like Spotify which was free of ads, a free Minecraft app, casino games which normally are not allowed on the App Store an even pornography. The sad part is that these pirated apps keep on being re-uploaded even if Apple keeps deleting them.
The discovery of pirated apps and forbidden apps came after it was discovered that allot of porn and casino apps were available for download in the App Store, despite braking Apple’s terms and conditions. Each of these iOS apps used these kind of certificates and in many cases registered under an entirely separate company to allow the download onto a standard iOS device.
Obtaining an enterprise grade certificate for iOS apps development is not very hard, all you have to do is pay $299, insert some company data (which is very easy to obtain as this is public information) and you are done. Until Apple finds a more viable solution and maybe tighten some conditions on getting such a certificate these pirated apps will still be a problem.
According to TechCrunch’s investigation individuals with access to these developer certificates were found to be selling access to them on online marketplaces which resulted in multiple iOS apps being registered to the same enterprise certificate.
The abuse of these certificates first came to light when Facebook was using them to distribute an app to teens that was tracking their phone usage. Further investigation showed that even Google offered such an app. In both of these cases Apple revoked the certificates for the companies, and this makes you wonder what other things big companies are doing to track their users.
