Finance Ministry presents three new investor facilitation packages to PM to boost investment climate    Egypt, Bahrain explore deeper cooperation on water resource management    Egypt condemns Israeli offensive in Gaza City, warns of grave regional consequences    Cairo University, Roche Diagnostics inaugurate automated lab at Qasr El-Ainy    Egypt expands medical, humanitarian support for Gaza patients    Egypt investigates disappearance of ancient bracelet from Egyptian Museum in Tahrir    Egypt launches international architecture academy with UNESCO, European partners    African trade ministers meet in Cairo to push forward with AfCFTA    Egypt's President, Pakistan's PM condemn Israeli attack on Qatar    Egypt signs MoUs with 3 European universities to advance architecture, urban studies    Madrid trade talks focus on TikTok as US and China seek agreement    Egypt wins Aga Khan Award for Architecture for Esna revival project    Egypt's gold prices hold steady on Sep. 15th    Egypt's Sisi, Qatar's Emir condemn Israeli strikes, call for Gaza ceasefire    Egypt condemns terrorist attack in northwest Pakistan    Egypt advances plans to upgrade historic Cairo with Azbakeya, Ataba projects    Egyptian pound ends week lower against US dollar – CBE    Egypt hosts G20 meeting for 1st time outside member states    Egypt to tighten waste rules, cut rice straw fees to curb pollution    Egypt seeks Indian expertise to boost pharmaceutical industry    Egypt prepares unified stance ahead of COP30 in Brazil    Egypt harvests 315,000 cubic metres of rainwater in Sinai as part of flash flood protection measures    Al-Sisi says any party thinking Egypt will neglect water rights is 'completely mistaken'    Egyptian, Ugandan Presidents open business forum to boost trade    Egypt's Sisi, Uganda's Museveni discuss boosting ties    Egypt's Sisi warns against unilateral Nile measures, reaffirms Egypt's water security stance    Greco-Roman rock-cut tombs unearthed in Egypt's Aswan    Egypt reveals heritage e-training portal    Sisi launches new support initiative for families of war, terrorism victims    Egypt expands e-ticketing to 110 heritage sites, adds self-service kiosks at Saqqara    Palm Hills Squash Open debuts with 48 international stars, $250,000 prize pool    On Sport to broadcast Pan Arab Golf Championship for Juniors and Ladies in Egypt    Golf Festival in Cairo to mark Arab Golf Federation's 50th anniversary    Germany among EU's priciest labour markets – official data    Paris Olympic gold '24 medals hit record value    A minute of silence for Egyptian sports    Russia says it's in sync with US, China, Pakistan on Taliban    It's a bit frustrating to draw at home: Real Madrid keeper after Villarreal game    Shoukry reviews with Guterres Egypt's efforts to achieve SDGs, promote human rights    Sudan says countries must cooperate on vaccines    Johnson & Johnson: Second shot boosts antibodies and protection against COVID-19    Egypt to tax bloggers, YouTubers    Egypt's FM asserts importance of stability in Libya, holding elections as scheduled    We mustn't lose touch: Muller after Bayern win in Bundesliga    Egypt records 36 new deaths from Covid-19, highest since mid June    Egypt sells $3 bln US-dollar dominated eurobonds    Gamal Hanafy's ceramic exhibition at Gezira Arts Centre is a must go    Italian Institute Director Davide Scalmani presents activities of the Cairo Institute for ITALIANA.IT platform    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Software pirates use Apple tech to put hacked apps on iPhones
Published in Amwal Al Ghad on 14 - 02 - 2019

Software pirates have hijacked technology designed by Apple Inc to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones, Reuters has found.
Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to get access to a program Apple introduced to let corporations distribute business apps to their employees without going through Apple's tightly controlled App Store.
Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.
By doing so, the pirate app distributors are violating the rules of Apple's developer programs, which only allow apps to be distributed to the general public through the App Store. Downloading modified versions violates the terms of service of almost all major apps.
TutuApp, Panda Helper, AppValley and TweakBox did not respond to multiple requests for comment.
Apple has no way of tracking the real-time distribution of these certificates, or the spread of improperly modified apps on its phones, but it can cancel the certificates if it finds misuse.
"Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely," an Apple spokesperson told Reuters. "We are continuously evaluating the cases of misuse and are prepared to take immediate action."
After Reuters initially contacted Apple for comment last week, some of the pirates were banned from the system, but within days they were using different certificates and were operational again.
"There's nothing stopping these companies from doing this again from another team, another developer account," said Amine Hambaba, head of security at software firm Shape Security.
Apple confirmed a media report on Wednesday that it would require two-factor authentication – using a code sent to a phone as well as a password – to log into all developer accounts by the end of this month, which could help prevent certificate misuse.
Major app makers Spotify Technology SA, Rovio Entertainment Oyj and Niantic Inc have begun to fight back.
Spotify declined to comment on the matter of modified apps, but the streaming music provider did say earlier this month that its new terms of service would crack down on users who are "creating or distributing tools designed to block advertisements" on its service.
Rovio, the maker of Angry Birds mobile games, said it actively works with partners to address infringement "for the benefit of both our player community and Rovio as a business."
Niantic, which makes Pokemon Go, said players who use pirated apps that enable cheating on its game are regularly banned for violating its terms of service. Microsoft Corp, which owns the creative building game Minecraft, declined to comment.
SIPHONING OFF REVENUE
It is unclear how much revenue the pirate distributors are siphoning away from Apple and legitimate app makers.
TutuApp offers a free version of Minecraft, which costs $6.99 in Apple's App Store. AppValley offers a version of Spotify's free streaming music service with the advertisements stripped away.
The distributors make money by charging $13 or more per year for subscriptions to what they calls "VIP" versions of their services, which they say are more stable than the free versions. It is impossible to know how many users buy such subscriptions, but the pirate distributors combined have more than 600,000 followers on Twitter.
Security researchers have long warned about the misuse of enterprise developer certificates, which act as digital keys that tell an iPhone a piece of software downloaded from the internet can be trusted and opened. They are the centerpiece of Apple's program for corporate apps and enable consumers to install apps onto iPhones without Apple's knowledge.
Apple last month briefly banned Facebook Inc and Alphabet Inc from using enterprise certificates after they used them to distribute data-gathering apps to consumers.
The distributors of pirated apps seen by Reuters are using certificates obtained in the name of legitimate businesses, although it is unclear how. Several pirates have impersonated a subsidiary of China Mobile Ltd. China Mobile did not respond to requests for comment.
Tech news website TechCrunch earlier this week reported that certificate abuse also enabled the distribution of apps for pornography and gambling, both of which are banned from the App Store.
Since the App Store debuted in 2008, Apple has sought to portray the iPhone as safer than rival Android devices because Apple reviews and approves all apps distributed to the devices.
Early on, hackers "jailbroke" iPhones by modifying their software to evade Apple's controls, but that process voided the iPhone's warranty and scared off many casual users. The misuse of the enterprise certificates seen by Reuters does not rely on jailbreaking and can be used on unmodified iPhones.
Source: Reuters


Clic here to read the story from its source.