Apple’s Enterprise Developer Program Being Used by iOS Pirates to Distribute Hacked Apps

Hacked versions of iPhone apps such as Spotify, Minecraft and Pokemon Go have been distributed by software pirates who have hijacked Apple’s technology.

That’s according to a new report from Reuters, which explains that so-called enterprise developer certificates are being used to allow people to stream music without ads and get around fees and rules in games–meaning Apple and legitimate app makers are losing money.

Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox are tapping into the so-called enterprise developer certificates to distribute modified versions of popular apps. Apple introduced the program to let corporations distribute business apps to their employees without having to go through the App Store’s confirmation process.

Using these enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.

By doing so, the pirate app distributors are violating the rules of Apple’s developer programs, which only allow apps to be distributed to the general public through the App Store. Downloading modified versions violates the terms of service of almost all major apps.

Apple has no way of tracking the spread of modified apps but it can cancel the certificates if it finds misuse.

“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely,” an Apple spokesperson told Reuters. “We are continuously evaluating the cases of misuse and are prepared to take immediate action.”

Reuters notes that Apple has banned some of the pirates from the system after it contacted the company for comment last week. However, these pirates have been found to use different certificates and have become operational once again.