Apple's Enterprise Certificates Are Used To Develop Spyware Apps

Apple's Enterprise Certificates Are Used To Develop Spyware Apps


Apple's Enterprise Certificate Program falls into more trouble as a recent report suggests that some group of professional developers have used the platform to develop a spyware app, capable of extracting data from user’s iPhone. 

Primarily, the program was introduced to make enterprise customers build and distribute customized apps, that were also not obliged to follow the App Store's content guidelines. This also allowed apps to have access over all sorts of data within an iOS device but the only rule of the program was, that the app should be used within the organization. 

This resulted into an opportunity for many fraudulent developers, where they started distributing unsafe apps on the App store by taking advantage of the Enterprise Certificate system.

The latest in the list includes a stalkerware app that exists on a user’s device as carrier assistance app but it is capable of acquiring contacts, audio recordings, photos and video, real-time location data, or can even spy on conversations done with the infected iPhone. 

It was first discovered by a mobile security firm, Lookout, who stated that the app was being used for mobile networks in Italy and Turkmenistan. The app is developed by Connexxa, who are known for creating surveillance. Their last work was widely appreciated in which they created Exodus, based on Android for Italian authorities. 

Further investigations revealed that both the iOS and Android apps were linked to the same backend with pinned certificates. 

As soon as Apple got to know about the app's unauthorized activity, they revoked the app's certificate, which caused the app to stop functioning. However, in all the process, the company is yet to find out that how many of iOS users were targeted in this scam.


Apart from this, some researchers have also discovered that developers are abusing the platform even more by offering apps that are usually banned from the app store e.g. porn and gambling apps. Moreover, this has also made hacked versions of the popular apps go viral in which users can stream music without any subscription fees, block advertisements or even enjoy in-app purchases without any charges. 

While the misuse of Apple’s Enterprise Certificate Program is becoming an issue with every passing day, Tim and his company will have to take desperate measures to protect the privacy of its users and promote safer environment on the app store.


Photo: Jaap Arriens / NurPhoto / Getty

Comments

Popular posts from this blog