Porn and Gambling Apps Avoiding the App Store Through Enterprise Certificates

Josh Constine was the TechCrunch editor who revealed that Facebook and Google were both distributing privacy-abusing VPN apps to iOS users—something that wouldn’t fly in the App Store—by using their enterprise certificates (see “Certificate Wars: A Quick Rundown of Apple’s Dustup with Facebook and Google,” 1 February 2019). Now Constine has revealed that other developers are using enterprise certificates to publish porn and gambling apps outside the App Store. Enterprise certificates are intended for companies to test public apps internally and distribute internal-only apps, not to provide a way to sidestep App Store policies. The good news is that Will Strafach, the security expert who consulted on the original article, found no evidence that these newly discovered apps misappropriate data or contain any malware.

Read original article