Hackers use Apple’s tech to distribute hacked versions of Spotify, Angry Birds and other top apps | HT Tech

Hackers use Apple’s tech to distribute hacked versions of Spotify, Angry Birds and other top apps

Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to get access to a programme Apple introduced to let corporations distribute business apps to their employees without going through Apple’s tightly controlled App Store.

By: REUTERS
| Updated on: Feb 14 2019, 09:19 IST
It is unclear how much revenue the pirate distributors are siphoning away from Apple and legitimate app makers.
It is unclear how much revenue the pirate distributors are siphoning away from Apple and legitimate app makers. (REUTERS)

Software pirates have hijacked technology designed by Apple to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones, Reuters has found.

Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to get access to a programme Apple introduced to let corporations distribute business apps to their employees without going through Apple's tightly controlled App Store.

You may be interested in

MobilesTablets Laptops
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
10% OFF
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.

Also read
Looking for a smartphone? To check mobile finder click here.

TutuApp, Panda Helper, AppValley and TweakBox did not respond to multiple requests for comment.

Apple has no way of tracking the real-time distribution of these certificates, or the spread of improperly modified apps on its phones, but it can cancel the certificates if it finds misuse.

Apple confirmed a media report on Wednesday that it would require two-factor authentication - using a code sent to a phone as well as a password - to log into all developer accounts by the end of this month, which could help prevent certificate misuse.

Major app makers Spotify Technology SA, Rovio Entertainment Oyj and Niantic Inc have begun to fight back.

Spotify declined to comment on the matter of modified apps, but the streaming music provider did say earlier this month that its new terms of service would crack down on users who are "creating or distributing tools designed to block advertisements" on its service.

Rovio, the maker of Angry Birds mobile games, said it actively works with partners to address infringement "for the benefit of both our player community and Rovio as a business."

Niantic, which makes Pokemon Go, said players who use pirated apps that enable cheating on its game are regularly banned for violating its terms of service. Microsoft Corp, which owns the creative building game Minecraft, declined to comment.

SIPHONING OFF REVENUE

It is unclear how much revenue the pirate distributors are siphoning away from Apple and legitimate app makers.

TutuApp offers a free version of Minecraft, which costs $6.99 in Apple's App Store. AppValley offers a version of Spotify's free streaming music service with the advertisements stripped away.

Security researchers have long warned that misuse of enterprise developer certificates, which act as digital keys that tell an iPhone a piece of software downloaded from the internet can be trusted and opened. They are the centerpiece of Apple's program for corporate apps and enable consumers to install apps onto iPhones without Apple's knowledge.

Apple last month briefly banned Facebook Inc and Alphabet Inc from using enterprise certificates after they used them to distribute data-gathering apps to consumers.

The distributors of pirated apps seen by Reuters are using certificates obtained in the name of legitimate businesses, although it is unclear how. Several pirates have impersonated a subsidiary of China Mobile Ltd. China Mobile did not respond to requests for comment.

Tech news website TechCrunch earlier this week reported that certificate abuse also enabled the distribution of apps for pornography and gambling, both of which are banned from the App Store.

Since the App Store debuted in 2008, Apple has sought to portray the iPhone as safer than rival Android devices because Apple reviews and approves all apps distributed to the devices.

Early on, hackers "jailbroke" iPhones by modifying their software to evade Apple's controls, but that process voided the iPhone's warranty and scared off many casual users. The misuse of the enterprise certificates seen by Reuters does not rely on jailbreaking and can be used on unmodified iPhones.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 14 Feb, 09:18 IST
NEXT ARTICLE BEGINS