Latest in Entertainment

Image credit:

iOS pirates are using Apple's developer certificates to share hacked apps

Pirates are distributing modified versions of apps such as Spotify and 'Minecraft'.
Rachel England, @rachel_england
February 14, 2019
Share
Tweet
Share

Sponsored Links

Shutterstock

Just days after it was revealed that dozens of gambling and pornographic apps have been abusing enterprise certificates to distribute apps outside of Apple's app store, Reuters has found that software pirates have been using the same process to distribute hacked versions of popular apps such as Spotify, Minecraft and Pokemon Go. The apps have been modified to block in-app advertising and make paid-for features available for free.

The illicit software distributors, which include TutuApp, Panda Helper and AppValley, are able to provide these hacked apps -- which are otherwise tightly controlled within Apple's App Store ecosystem -- by using enterprise developer certificates which act as digital keys that tell an iPhone if a piece of software can be trusted and opened. According to TechCrunch, these certificates are relatively easy to obtain and cost a one-off payment of $299. Distributors make money by charging a small yearly fee -- around $13 -- for access to "VIP" versions of their services.

Apple initially banned some of the pirates, but within days they were operational again having simply obtained another certificate. Apple says it's now working on implementing two-factor authentication -- a code sent to a phone as well as a password -- to log into developers accounts, which should be in place by the end of the month. It's not clear how much revenue these apps have siphoned away from the App Store and genuine app providers, nor how much these pirates have made from their activity, but Reuters reports that these distributors combined have more than 600,000 followers on Twitter, so it's safe to assume there are significant figures at play.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Put Bernie Sanders almost anywhere with this Google Street View app

Put Bernie Sanders almost anywhere with this Google Street View app

View
The first big 'Cyberpunk 2077' patch has arrived

The first big 'Cyberpunk 2077' patch has arrived

View
The Morning After: The Galaxy S21 reviews are in

The Morning After: The Galaxy S21 reviews are in

View
NBC is shutting down its sports cable channel as the bundle contracts

NBC is shutting down its sports cable channel as the bundle contracts

View
President Biden appoints 'world-class' cybersecurity team in wake of hacks

President Biden appoints 'world-class' cybersecurity team in wake of hacks

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr