Advertisement

Porn and gambling apps are also abusing Apple's enterprise certificates

Developers used fake information to obtain certification.

Following the controversy over Facebook and Google's misuse of enterprise certificates to distribute apps outside of Apple's App Store, TechCrunch reports that dozens of gambling and pornographic apps used the same process to sidestep Apple's normal restrictions. Engadget reached out to Apple for comment regarding the report and will update this story if we hear back.

According to TechCrunch, there are thousands of websites offering "sideloaded" enterprise apps, or apps that can be installed on an iPhone without going through the App Store. While this would typically require jailbreaking the device, the apps function because they have approval in the form of an enterprise certificate. The porn apps allowed users to watch and pay for hardcore pornography, while gambling apps let users deposit and withdraw real money. Those actions would be restricted if the apps were in the App Store.

Many of the apps discovered with the certification were using fake company names or a non-descript name to avoid any suspicion and avoid detection. Others used the names of other, unrelated legitimate businesses to gain approval. The developers are believed to have gotten enterprise certification by using publicly available information about another business to receive approval.

While some of the apps that appear to be violating Apple's terms have been removed, the situation highlights what appears to be an ongoing issue for the company. Apple requires companies to pledge that they won't use apps approved with enterprise certificates for anything other than internal use, but there don't appear to be effective mechanisms in place to proactively hold companies to that promise. Instead, Apple removes the apps as they come up, leading to a game of whack-a-mole with developers abusing the certification.