Hackers used Apple tech to put malicious apps on iPhones

Image credit: ParampreetChanana / Pixabay

Software pirates have figured out how to bypass Apple's App Store to distribute hacked versions of popular paid apps including Spotify, Angry Birds, Pokemon Go, Minecraft and others to iOS users.

TutuApp, Panda Helper, AppValley and TweakBox are just a few of the illicit software distributors that have discovered how to use digital certificates to gain access to a program Apple instituted to allow enterprises to distribute their internal apps to employees without going through the App Store.

If this sounds familiar, it should, because Facebook and Google were both recently caught misusing enterprise developer certificates to distribute their apps to consumers in a similar way that bypassed Apple's strict app review policy.

These pirate operations are using similar tactics to provide consumers with modified versions of popular apps that let them stream music without ads and get around fees and rules in games.

Pirate apps

Pirate app distributors are not only depriving Apple and app developers of revenue but also violating the rules of the iPhone maker's developer programs.

To make matters worse, the company has no way of tracking how its enterprise certificates are being handed out or how many of its phones are using improperly modified apps, but it does have the ability to cancel the certificates after finding they've been misused.

An Apple spokesperson provided more details on how these apps are in violation of its developer program to Reuters, saying:

“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action.” 

Apple does have a countermeasure ready to deal with the blatant misuse of its enterprise certificates: the company will require two-factor authentication to log in to all developer accounts by the end of this month.

Via Reuters

Anthony Spadafora
