Welcome to the second English edition of zCupertino! During this past week:
- A MacRumors investigation found the dates of the upcoming WWDC: June 3-7, in San Jose. You may think it’s developer-focused news, but don’t forget that during the conference, Apple regularly unveils new versions of its macOS and iOS systems, so it’s always interesting to watch.
- Apple released a funny video.
- Apple bought two companies: DataTiger, a digital marketing startup, and PullString, which builds voice recognition apps.
- Apple improved subscription management on iOS, starting with version 12.1.4.
- Mozilla penned a letter in which it calls for better standards for IoT devices.
And that’s just the intro! Read on for even more news from Cupertino! 🖖
iPhone & iPad
Enterprise certificate saga continues
We now know that Facebook’s Onavo VPN story was just the tip of the iceberg.
First of all, the TechCrunch team is on a three-week streak! I can’t wait to see - or rather I’m afraid to see - what they’re preparing for next week. Their article published on Tuesday reveals pornography and real-money gambling apps that can be installed using the Enterprise Certificate - the same workaround Facebook used to offer Onavo.
TechCrunch found thousands of sites offering downloads of “sideloaded” Enterprise apps, and investigating just a sample uncovered numerous abuses. Using a standard un-jailbroken iPhone TechCrunch was able to download and verify 12 pornography and 12 real-money gambling apps over the past week that were abusing Apple’s Enterprise Certificate system to offer apps prohibited from the App Store. These apps either offered streaming or pay-per-view hardcore pornography, or allowed users to deposit, win and withdraw real money — all of which would be prohibited if the apps were distributed through the App Store.
As if that was not enough, this Reuters report states that enterprise certificates are being used for more than just sideloading gambling and pornography apps. Software pirates are distributing many popular titles this way, such as Spotify or Minecraft, among others.
Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue. (…)
After Reuters initially contacted Apple for comment last week, some of the pirates were banned from the system, but within days they were using different certificates and were operational again.
It is really surprising that Apple didn’t know about it. On the other hand, the whole point of an enterprise certificate is to avoid submitting an app to the App Store, which means the app is not reviewed by Apple. I’m pretty sure Apple is working on new regulations for this distribution channel, as well as mechanisms for detecting developers who are violating the rules. As Reuters reports, one such improvement is the requirement of two-factor authentication for all developer accounts. Time will tell how and if it’s going to work.
When Nintendo released Super Mario Run on iOS back in 2016, I didn’t really understand why the game requires a constant Internet connection. Sure, the same requirement seems to make sense for Android, but iOS? After the revelations of Reuters, it all makes sense now.