You are here: Home » Technology » News
Business Standard

Software pirates are using Apple tech to put hacked apps on iPhones

Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and circumvent fees

Reuters  |  San Francisco 

iPhone

pirates have hijacked technology designed by Inc to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, and other popular apps on iPhones, has found.

Illicit distributors such as TutuApp, Panda Helper, and have found ways to use digital certificates to get access to a program introduced to let corporations distribute to their employees without going through Apple's tightly controlled

Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving and of revenue.

By doing so, the are violating the rules of Apple's developer programs, which only allow apps to be distributed to the general public through the Downloading modified versions violates the terms of service of almost all major apps.

TutuApp, Panda Helper, and did not respond to multiple requests for comment.

Apple has no way of tracking the real-time distribution of these certificates, or the spread of improperly modified apps on its phones, but it can cancel the certificates if it finds misuse.

"Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely," an Apple told "We are continuously evaluating the cases of misuse and are prepared to take immediate action."

After initially contacted Apple for comment last week, some of the pirates were banned from the system, but within days they were using different certificates and were operational again.

"There's nothing stopping these companies from doing this again from another team, another developer account," said Amine Hambaba, at firm

Apple confirmed a media report on Wednesday that it would require two-factor authentication - using a code sent to a phone as well as a password - to log into all developer accounts by the end of this month, which could help prevent certificate misuse.

Major app makers Spotify Technology SA, and have begun to fight back.

Spotify declined to comment on the matter of modified apps, but the streaming music provider did say earlier this month that its new terms of service would crack down on users who are "creating or distributing tools designed to block advertisements" on its service.

Rovio, the maker of mobile games, said it actively works with partners to address infringement "for the benefit of both our community and Rovio as a business."

Niantic, which makes Pokemon Go, said players who use pirated apps that enable cheating on its game are regularly banned for violating its terms of service. Microsoft Corp, which owns the creative building game Minecraft, declined to comment.

SIPHONING OFF REVENUE

It is unclear how much revenue the pirate distributors are siphoning away from Apple and

offers a free version of Minecraft, which costs $6.99 in Apple's offers a version of Spotify's free streaming music service with the advertisements stripped away.

The distributors make money by charging $13 or more per year for subscriptions to what they calls "VIP" versions of their services, which they say are more stable than the free versions. It is impossible to know how many users buy such subscriptions, but the pirate distributors combined have more than 600,000 followers on

Security researchers have long warned about the misuse of enterprise developer certificates, which act as digital keys that tell an a piece of software downloaded from the internet can be trusted and opened. They are the centerpiece of Apple's program for corporate apps and enable consumers to install apps onto iPhones without Apple's knowledge.

Apple last month briefly banned and from using enterprise certificates after they used them to distribute data-gathering apps to consumers.

The distributors of pirated apps seen by Reuters are using certificates obtained in the name of legitimate businesses, although it is unclear how. Several pirates have impersonated a subsidiary of Mobile did not respond to requests for comment.

Tech news website earlier this week reported that certificate abuse also enabled the distribution of apps for pornography and gambling, both of which are banned from the App Store.

Since the App Store debuted in 2008, Apple has sought to portray the as safer than rival devices because Apple reviews and approves all apps distributed to the devices.

Early on, hackers "jailbroke" iPhones by modifying their software to evade Apple's controls, but that process voided the iPhone's warranty and scared off many casual users. The misuse of the enterprise certificates seen by Reuters does not rely on jailbreaking and can be used on unmodified iPhones.

 

(Reporting by Stephen and Dave in San Francisco; Editing by and Bill Rigby)

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

First Published: Thu, February 14 2019. 09:24 IST
RECOMMENDED FOR YOU
RECOMMENDED FOR YOU