contador web Skip to content

Certificates were also used to spread fake versions of apps like Spotify and Minecraft.

Did you think that the policy of Apple's enterprise certificates being used to distribute banned apps had already seen its final chapter? Because you found it wrong.

In a report published today, the Reuters It exposed yet another category of illegal applications that malicious developers were (or are) installing on iPhones and iPads from users outside the App Store through certificates. These are fake versions of legitimate and paid apps and services, such as Spotify, Pokmon GO, Minecraft and angry Birds.

The fake apps are distributed by developers registered with names like TutuApp, Panda Helper, AppValley and TweakBox. They make a profit by placing ads on fake apps; AppValley's pirate Spotify, for example, allows users to make use of the free version of the service without commercial interruptions instead, it is ads from the malicious developer himself appearing on the screen.

THE Reuters contacted Apple before the report was published, and Apple was able to detect and ban several of the apps discovered by the agency. A few days later, however, most of them were back in the air with new certificates.

In a statement, Apple reiterated that developers who abuse corporate certificates will have them canceled and, if repeated, could be permanently banned from the Apple Developer Program. In addition, Ma confirmed that, in part because of the policy, require all developers to enable two-factor authentication on their accounts by the end of the month for security.

Should Ma take more extreme measures against such a scheme?

via The Verge