Porn and gambling apps abuse Apple's Enterprise Certificates process to avoid App Store ru...

Posted:
in iOS edited February 2019
Major tech companies like Facebook and Google are not the only ones taking advantage of Apple's Enterprise Certificate program, as a report has discovered apps dedicated to pornography and gambling are using the system to bypass Apple's App Store content guidelines.

Apps providing access to pornography abuse Apple's Enterprise Certificates program (via TechCrunch)
Apps providing access to pornography abuse Apple's Enterprise Certificates program (via TechCrunch)


Apple's offering of the Enterprise Certificate program to allow companies to issue apps to employees gives firms an easy way to distribute apps without passing through all of Apple's public processes. The system, however, is still being abused by companies that would not normally appear in the App Store due to the services they provide.

An investigation by TechCrunch reveals there are numerous apps that have sidestepped the App Store approval process, by going through the Enterprise Certificate program instead. By going around, the apps, which offer services ranging from porn to gambling, don't have to abide by the App Store rules, which would instantly have turned them down.

The investigation also notes that, while it is possible to set up the Enterprise Certificate with genuine data, some entities are going further and are taking advantage of the relatively relaxed process to join the program to hide their identity, by using another firm's details. The form requires data that is easily found on Google, such as a business address, as well as a D-U-N-S ID number via an Apple-supplied tool that can also be used to discover one used by a legitimate company.

In the investigation, it was found that 12 porn and 12 real-money gambling apps using the Enterprise Certificate process were able to be installed onto a standard un-jailbroken iPhone. Both forms of apps are banned under the App Store guidelines.

An Apple statement advises "Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action."

The discovery follows reports Facebook and Google both abused the same certificates process to provide apps to end users that were not strictly allowed under the App Store rules. Both firms found their access revoked then restored, with Facebook seemingly affected more than expected by Apple's quick culling of access due to all legitimate internal apps being disabled at the same time.

Comments

  • Reply 1 of 13
    And now they’ll have their certificates revoked.

    Not much Apple can do about this except to revoke certificates and permanently ban the company as soon as they spot a violation.
    jahbladeracerhomie3jbdragonmagman1979watto_cobra
  • Reply 2 of 13
    olsols Posts: 50member
    By all means i like to see these companies removed from any apple device, period.

    I wonder why some companies get their certificates revoked like forever and other companies like google and Facebook get theirs reinstated?
    jbdragonmagman1979watto_cobra
  • Reply 3 of 13
    We need to know what apps are falling afoul Apple’s guidelines...for scientific reasons, of course...
    jbdragonboltsfan17watto_cobra
  • Reply 4 of 13
    We need to know what apps are falling afoul Apple’s guidelines...for scientific reasons, of course...
    Haha...for scientific purposes I searched for the app (PPAV) that's shown in the article but didn't find it. Must only be available in China. 
    watto_cobra
  • Reply 5 of 13
    anomeanome Posts: 1,533member

    I've never been a fan of the "no 'adult' content" rule for iOS, but it's Apple's store they can make whatever rules they want. (And, IMO, no rude stuff isn't enough to switch to Android.) And if these apps are in violation of their Enterprise Certificate rules, then they should be revoked.

    So how does this affect the apps that are basic content viewers, but are being advertised as being ways to access "adult" content? Are they using Enterprise Certificates, or just being vague enough to skirt the content policies? (I wouldn't know, I've never downloaded any of them.)

    watto_cobra
  • Reply 6 of 13
    bluefire1bluefire1 Posts: 1,301member
    Instead of censorship, I wish Apple had a segregated "red light" app category for those 18 and older. 
    bonobobihatescreennames
  • Reply 7 of 13
    anome said:

    So how does this affect the apps that are basic content viewers, but are being advertised as being ways to access "adult" content? Are they using Enterprise Certificates, or just being vague enough to skirt the content policies? (I wouldn't know, I've never downloaded any of them.)

    You mean, like, Safari?
  • Reply 8 of 13
    Ooooof! All porn sites should be required to have the URL suffix, ".porn" so they can be blocked by parents, schools, etc. In fact, all devices should be sold with it blocked. :)
    watto_cobra
  • Reply 9 of 13
    bluefire1 said:
    Instead of censorship, I wish Apple had a segregated "red light" app category for those 18 and older. 
    Good idea. :)
  • Reply 10 of 13
    bluefire1 said:
    Instead of censorship, I wish Apple had a segregated "red light" app category for those 18 and older. 
    I presume you're talking only about censorship in America. You probably support Apple censoring apps in other countries to placate their dictators and allow Apple to sell products there (eg, China, Iran, etc.)
  • Reply 11 of 13
    bluefire1 said:
    Instead of censorship, I wish Apple had a segregated "red light" app category for those 18 and older. 
    I presume you're talking only about censorship in America. You probably support Apple censoring apps in other countries to placate their dictators and allow Apple to sell products there (eg, China, Iran, etc.)

    Why do you assume something about someone? It just makes you an ass.
    watto_cobra
  • Reply 12 of 13
    anome said:

    I've never been a fan of the "no 'adult' content" rule for iOS, but it's Apple's store they can make whatever rules they want. (And, IMO, no rude stuff isn't enough to switch to Android.) And if these apps are in violation of their Enterprise Certificate rules, then they should be revoked.

    So how does this affect the apps that are basic content viewers, but are being advertised as being ways to access "adult" content? Are they using Enterprise Certificates, or just being vague enough to skirt the content policies? (I wouldn't know, I've never downloaded any of them.)

    Blocking "content viewers" would require banning a whole host of apps that are currently allowed.  Like Chrome, Edge, and... Safari.
  • Reply 13 of 13
    anomeanome Posts: 1,533member
    anome said:

    So how does this affect the apps that are basic content viewers, but are being advertised as being ways to access "adult" content? Are they using Enterprise Certificates, or just being vague enough to skirt the content policies? (I wouldn't know, I've never downloaded any of them.)

    You mean, like, Safari?
    Not like Safari, exactly, but there are a number of apps that are "magazine readers" or "video players" that don't really have much in the way of Family-Friendly content available (unlike Zinio, for example, which will sell you porn, but also has actual magazines as well). These are seemingly generic content viewers that only seem to have NSFW content availble for them.
Sign In or Register to comment.