Skip to main content

Apple continues enterprise certificate cleanup as distributors found sharing ad-free Spotify, more

The barrage of applications taking advantage of Apple’s enterprise certificate program continues today. Reuters reports that software distributors have been using the program to share modified versions of popular apps, such as an ad-free version of Spotify.

According to the report, software distributors including TutuApp, Panda Helper, AppValley and TweakBox have been using the enterprise certificate program to distribute modified apps.

For example, AppValley offers a version of Spotify that does not include advertisements – even on the free tier. TutuApp distributes a free version of Minecraft, which normally runs $6.99 on the App Store. Other affected apps include Pokémon GO and Angry Birds.

The distributors make money by charging $13 or more per year for subscriptions to what they calls “VIP” versions of their services, which they say are more stable than the free versions. It is impossible to know how many users buy such subscriptions, but the pirate distributors combined have more than 600,000 followers on Twitter.

Reuters says it first contacted Apple last week for statement. Shortly thereafter, many of the pirated applications were banned. A few days later, however, they reappeared through different enterprise certificates.

In its statement, Apple said that it is continuously evaluating misuse of its enterprise certificates:

“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely,” an Apple spokesperson told Reuters. “We are continuously evaluating the cases of misuse and are prepared to take immediate action.”

Facebook was first discovered to be using the enterprise certificates program to distribute its Facebook Research VPN. Google was then found to be doing something similar. On Tuesday, a TechCrunch investigation revealed a slew of porn and gambling apps being distributed through the program as well.

Earlier today, TechCrunch’s Josh Constine confirmed that Apple had removed most of the illicit applications mentioned in his investigation. At this point, however, there is little stopping the developers from offering the same app via enterprise certificates through a different developer account.

Apple announced this afternoon that it will start requiring all developer accounts to use two-factor authentication. Some have suggested could help crackdown on this abuse of the enterprise certificate program, but only time will tell.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications