Latest in Entertainment

Image credit: Shutterstock

iOS pirates are using Apple's developer certificates to share hacked apps

Pirates are distributing modified versions of apps such as Spotify and 'Minecraft'.
309 Shares
Share
Tweet
Share
Save

Sponsored Links

Shutterstock

Just days after it was revealed that dozens of gambling and pornographic apps have been abusing enterprise certificates to distribute apps outside of Apple's app store, Reuters has found that software pirates have been using the same process to distribute hacked versions of popular apps such as Spotify, Minecraft and Pokemon Go. The apps have been modified to block in-app advertising and make paid-for features available for free.

The illicit software distributors, which include TutuApp, Panda Helper and AppValley, are able to provide these hacked apps -- which are otherwise tightly controlled within Apple's App Store ecosystem -- by using enterprise developer certificates which act as digital keys that tell an iPhone if a piece of software can be trusted and opened. According to TechCrunch, these certificates are relatively easy to obtain and cost a one-off payment of $299. Distributors make money by charging a small yearly fee -- around $13 -- for access to "VIP" versions of their services.

Apple initially banned some of the pirates, but within days they were operational again having simply obtained another certificate. Apple says it's now working on implementing two-factor authentication -- a code sent to a phone as well as a password -- to log into developers accounts, which should be in place by the end of the month. It's not clear how much revenue these apps have siphoned away from the App Store and genuine app providers, nor how much these pirates have made from their activity, but Reuters reports that these distributors combined have more than 600,000 followers on Twitter, so it's safe to assume there are significant figures at play.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
309 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
TiVo gave its unannounced Edge DVR to a customer

TiVo gave its unannounced Edge DVR to a customer

View
Facebook will shut down Group Stories on September 26th

Facebook will shut down Group Stories on September 26th

View
The best Alexa-compatible smart-home devices for Amazon Echo

The best Alexa-compatible smart-home devices for Amazon Echo

View
After Math: Being better than being best

After Math: Being better than being best

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr