Hack discovered in popular App Store apps!

February 14, 2019

Internet "pirates" and malicious users have apparently found a way to tamper with Apple's Enterprise Developer Program to upload pirated versions of popular applications to the App Store!

In particular, versions of the Spotify, Pokémon Go, Minecraft and Angry Birds apps have been discovered, which have been differentiated in such a way as to block in-app ads and offer free paid features. In doing so, they manage to deprive original developers, and Apple, of a significant amount of revenue.

Apple was informed about the above issue and blocked several of these applications, but the "pirates" managed to restore them with different certificates within a few days! These revelations show that Apple is struggling to control access to business certificates, which developers can exploit to circumvent the strict App Store rules by simply stating that the app they want to promote is intended for use only by employees of a business.

As mentioned at the beginning of this article, one of the "pirated" apps was a version of Spotify that was modified to block ads that appear when the user is listening to music with a free subscription. Also available was a free version of the well-known game Minecraft, which usually costs $6.99 in the App Store.

Apple has gone on record with Reuters on the issue, stating that developers who abuse the enterprise certificates are in violation of Apple's Enterprise Product Development Program Agreement, and those certificates will be revoked or those developers will be permanently removed from the company's Developers Program if appropriate. In addition, it said it will require developers to immediately add two-factor identification to their accounts.

The abuse of business certificates first surfaced a few weeks ago, when it was discovered that Facebook used them to distribute an app to teenagers that would track their phone usage. Subsequently, it emerged that Google was also offering a similar app, with Apple moving to temporarily suspend the two companies' certificates. Both were forced to proceed with deleting these apps from their App Store listings in order to recover their certificates and avoid a bigger problem with their presence on Apple's online app store.