Is AppValley safe

Reuters: Software pirates abuse Apple's enterprise developer certificates

Software pirates apparently use a function intended for companies to distribute hacked versions of popular iOS apps such as Spotify, Angry Birds, Pokemon Go and Minecraft to iPhones. They abuse developer certificates that Apple issues for companies that want to bypass the app store to provide their employees with their own apps.

As reported by the Reuters agency, the TutuApp, Panda Helper, AppValley and TweakBox marketplaces, among others, use this method. For example, the apps they hacked are able to stream music or break the rules of games for free and without ads. In addition, they deprive Apple and the actual providers of the apps from sales that they would normally generate via the App Store.

Apple's rules for enterprise developers, however, prohibit the distribution of apps outside of your own company or to the public. Facebook and Google recently stumbled across this rule. Both had provided apps developed for marketing purposes with their enterprise signature and passed them on to external users. After the abuse became known, Apple temporarily withdrew their certificates from both companies, which in each case resulted in internal, rule-compliant apps no longer working.

According to the report, Apple has no way of tracking the spread of its enterprise certificates or even stopping the distribution of the modified apps to iPhones. The TutuApp, Panda Helper, AppValley and TweakBox marketplaces are said to use certificates from third parties, including a subsidiary of the Chinese mobile operator China Mobile. However, if abuse is detected, Apple can withdraw the certificates.

“Developers who abuse our company certificates are violating the Apple Developer Enterprise Program Agreement and will lose their certificates. And if necessary, they will be completely removed from our developer program, ”an Apple spokesman told Reuters. "We are constantly evaluating cases of abuse and are ready to take immediate action."

According to Reuters, Apple was informed of the problem last week. As a result, some accounts were blocked by software pirates. However, they would have obtained new certificates within a few minutes and continued their operations. "Nothing prevents these companies from continuing that with another team or another developer account," Amine Hambaba, Head of Security at Shape Security, is quoted in the report.

The providers of the affected apps have initiated countermeasures. Spotify has now prohibited any measures to prevent advertising from being displayed in the app. Niantic said it regularly bans users of pirated apps that cheat.

The financial damage incurred by the providers is difficult to assess. An app like Minecraft, which is available for free from TutuApp, costs 6.99 dollars on a regular basis. The software pirates, in turn, are rewarded for their "VIP" versions of the said apps with an annual fee of 13 dollars or more. According to Reuters, they have more than 600,000 followers on Twitter.