14. February 2019 09:47:14 IST
Software pirates have developed a technology developed by Apple Inc. for selling hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft, and other popular apps on iPhones, Reuters found.
Illicit software distributors such as TutuApp, Panda Helper, AppValley, and TweakBox have found ways to use digital certificates to gain access to an Apple-implemented program that uses business-leasing companies to distribute business applications to their employees without going through Apple's tightly controlled App Store.
With Enterprise Developer Certificates, these pirate operations provide modified versions of popular apps for consumers to stream ad-free music and avoid fees, and rules in games that deny revenue to Apple and legitimate app publishers.
TutuApp, Panda Helper, AppValley and TweakBox have not responded to multiple requests for comments.
Apple has no way to track the real time distribution of these certificates or the distribution of incorrectly changed data apps on its phones, but it can cancel the certificates if it is misused.
"Developers who abuse our company certificates violate the Apple Developer Enterprise Program Agreement and will cancel their certificates. This will eventually be the case completely removed from our developer program, "said a spokesman for Apple by Reuters . "We are constantly reviewing the cases of abuse and are ready to take immediate action."
After contacting firstapplicationforcompliancewiththe pastweek, somepirateswhenoutpreventingtheSystemfromtheSystem, usingvariouscertificatesandrepowered
"Nothing prevents these companiesfrom doing this again from another team, another developer account," said Amine Hambaba, security manager of the Shape Security software company.
Apple confirms a media report on Wednesday that a two-factor authentication would be required – with a code and password sent to a phone – to sign up for all developer accounts by the end of this month, which could help alleviate the abuse of certificates.
The major app manufacturers Spotify Technology SA, Rovio Entertainment Oyj and Niantic Inc. have begun to fight back.
It's unclear how much revenue Apple's pirate distributors and legitimate app creators are taking.
TutuApp offers a free Minecraft version offering, which costs $ 6.99 on the Apple App Store. AppValley is offering a version of Spotify's free streaming music service, where the ad is removed.
Distributors make money by charging $ 13 or more for subscriptions to their so-called "VIP" versions of their services, which they believe are more stable than the free versions. It's impossible to know how many users are buying such subscriptions, but the pirate distributors together have more than 600,000 followers on Twitter.
Security researchers have long warned against the misuse of enterprise developer certificates that act as digital keys to an iPhone Software downloaded from the Internet can be trusted and opened. At the heart of Apple's enterprise application program, they enable consumers to install apps on iPhones without the knowledge of Apple.
Apple last month briefly banned Facebook ] and Google of corporate certificates after added to the collection of Data collections had been used to consumers.
Reuters' counterfeit apps seen by Reuters use credentials from legitimate companies acquired in the name, although it is unclear how. Several pirates have a subsidiary of China Mobile Ltd. embodies. China Mobile did not respond to inquiries.
Tech News site TechCrunch reported that the misuse of certificates also prohibits the distribution of apps for pornography and gambling, both of which are banned from the App Store.
Since the App Store was introduced in 2008, Apple has attempted to make the iPhone more secure than other Android devices because Apple reviews and approves all apps distributed on the devices.  Hackers "jailbroke" iPhones early on by modifying their software to circumvent Apple's controls, but this invalidated the iPhone's warranty and deterred many casual users. Reuters' abuse of company certificates is not based on jailbreak and can be used on unmodified iPhones.
Tech2 is now on Whatsapp. Sign up for all WhatsApp services to learn about the latest technologies and science. Just go to Tech2.com/Whatsapp and click the Subscribe button.