After Facebook and Google had their Enterprise Certificates revoked by Apple, a new investigation by TechCrunch has revealed more companies exploiting the program for uses outside of the terms and conditions. Specifically, TC verified over two dozen gambling and porn apps that use the Enterprise Certificates to distribute their apps to non-employees, with thousands more likely doing the same. The publication also discovered just how easy it is to gain access to an Enterprise Certificate.

While the onus for using an Apple Enterprise Certificate properly falls on the company using it, it’s clear that Apple has work to do in improving how it enforces its policies. TC’s investigation into the matter found a dozen porn apps and a dozen gambling apps that have been distributed outside of the App Store, breaking the Enterprise Certificate policies.

While enforcing policies is important, TC notes just how easy it is to (falsely) obtain an Enterprise Certificate in the first place.

While TC was able to specifically verify the two dozen porn and gambling sites by downloading them via the Enterprise Certificate program, it also discovered thousands of websites offering the same.

The report notes that Apple has taken action on some of the apps it discovered, but many of them are still available to download outside of the App Store.

With Apple’s commitment to security and user privacy, this Enterprise Certificate abuse is a very clear example of how it needs to take a more intentional approach to enforcing its policies.

As a user, be sure to steer clear of any companies that ask you to download their apps outside of the App Store unless you’re certain it’s a legitimate use of Apple’s Enterprise Certificate program.