The barrage of applications taking advantage of Apple’s enterprise certificate program continues today. Reuters reports that software distributors have been using the program to share modified versions of popular apps, such as an ad-free version of Spotify.
According to the report, software distributors including TutuApp, Panda Helper, AppValley and TweakBox have been using the enterprise certificate program to distribute modified apps.
For example, AppValley offers a version of Spotify that does not include advertisements – even on the free tier. TutuApp distributes a free version of Minecraft, which normally runs $6.99 on the App Store. Other affected apps include Pokémon GO and Angry Birds.
Reuters says it first contacted Apple last week for statement. Shortly thereafter, many of the pirated applications were banned. A few days later, however, they reappeared through different enterprise certificates.
In its statement, Apple said that it is continuously evaluating misuse of its enterprise certificates:
Facebook was first discovered to be using the enterprise certificates program to distribute its Facebook Research VPN. Google was then found to be doing something similar. On Tuesday, a TechCrunch investigation revealed a slew of porn and gambling apps being distributed through the program as well.
Earlier today, TechCrunch’s Josh Constine confirmed that Apple had removed most of the illicit applications mentioned in his investigation. At this point, however, there is little stopping the developers from offering the same app via enterprise certificates through a different developer account.
Apple announced this afternoon that it will start requiring all developer accounts to use two-factor authentication. Some have suggested could help crackdown on this abuse of the enterprise certificate program, but only time will tell.
