Forbidden fruit of smut, gambling iOS apps found flourishing using Apple enterprise certs

Fancy that. Days after Apple suspended Facebook and Google for abusing Apple's enterprise developer privileges, Apple has been found to be permitting dozens of dubious apps to misuse its enterprise certificates. An enterprise certificate, part of the $299-a-year Developer Enterprise Program, allows an organisation to …

  1. Anonymous Coward

    I don't think Apple can effectively oversee who qualifies as a "business"

    If you make the hurdle too high (like having a DUNS ID) you will disqualify the smaller players.

    They clearly need to get a handle on this as it is being abused, but there are probably better ways. One might be to include a click-through agreement that attests you are an employee when you install the certificate, along with a "report" button you can click if you are induced to install software that tells you you need to click OK as part of the process and lie about your status as an employee.

    Even if 99 out of 100 people looking for a porn or gambling app will happily click OK saying they are an employee to get access to the app, all you need are a few people who say "hold on" and click report. Then Apple can follow up with them about how they got the certificate and revoke it. These illegitimate app purveyors would have to carefully screen their customers to ensure they are equally unscrupulous to avoid the risk of someone hitting the 'report' button.

    1. gnasher729 Silver badge

      Re: I don't think Apple can effectively oversee who qualifies as a "business"

      I needed a DUNS ID for my hobby app in the app store, and got it for free, with no problems, so this isn't exactly what you'd call a "hurdle".

      And we are talking about an "enterprise license" here. To distribute apps in your enterprise. Which is pointless for companies with less than 100 employees, because you can do that as an ordinary developer.

      1. Anonymous Coward

        Re: I don't think Apple can effectively oversee who qualifies as a "business"

        OK granted if getting a DUNS ID is easier/cheaper than I thought - but then it isn't much of a hurdle either and wouldn't prevent someone from doing this.

        So we're back to needing a way for end users to report this to Apple so they can revoke the certificates. Because I don't see a way for Apple to try to police it themselves, since they don't have any part in the transaction aside from issuing the enterprise certificate, and iOS allowing end users to install that enterprise certificate.
