It's not so much a breakout, more a sort of bending of the rules. After Google and Facebook were shamed by Apple because they misused their enterprise developer certificates, it now appears that the practice is fairly common.
You can shout the headline "sleazy programmers install malware, porn and pirated apps on innocent iPhones", which is what other news sources have been doing, but it is so much more complicated. It is true that people have been using developer certificates to sell apps outside of the App Store, and this is a bad thing, but it's bad because the code is bad (malware and pirated apps), not because the act of distributing software outside of a central control is bad - how could it be?
Apple has a problem. It locks down the iPhone using public key cryptography so that only programs that are downloaded from the App Store can run. This is OK, but not everyone wants to make apps available via the App Store. Companies want to develop apps for their own use. They don't even want to submit apps to Apple to have them examined before they are placed in the App Store. An app might have so much commercial value to a company that it is mission critical.
So Apple allows companies to join the Developer Enterprise Program for $299 per year. For this you get a number of certificates, including one that lets you distribute your apps to your employees. Of course, there is no way for Apple to check who you distribute the apps to and this is the back door out of the App Store that is being exploited.
Notice that this is not a technological hack. No one has managed to forge an Apple certificate, or if they have they are keeping quiet about it. People are posing as companies and obtaining certificates and then using them for something other than internal distribution. This seems like a big hole in Apple's security and there doesn't seem to be too much that can be done other than punish anyone found crawling through the hole.
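A defender's check for the distribution route described above, as an added example that is not part of the original article: it reads the provisioning profile embedded in an app package and reports whether the app was signed for enterprise (in-house) distribution. It assumes the standard `Payload/<name>.app/embedded.mobileprovision` layout and the `ProvisionsAllDevices` profile key; the function names and the sample package are constructed for illustration.

```python
import io
import plistlib
import zipfile

def extract_profile(ipa_bytes):
    """Return the plist dict from Payload/*.app/embedded.mobileprovision, or None."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app")
                    and parts[2] == "embedded.mobileprovision"):
                blob = ipa.read(name)
                # The profile is a CMS (PKCS#7) envelope around an XML plist.
                # Slicing out the plist is enough for triage; it does NOT
                # verify the signature.
                start = blob.find(b"<?xml")
                end = blob.find(b"</plist>", start)
                if start == -1 or end == -1:
                    raise ValueError("no plist found in profile")
                return plistlib.loads(blob[start:end + len(b"</plist>")])
    return None  # no embedded profile, as is typical of App Store downloads

def classify(profile):
    """Map a provisioning profile to its distribution channel."""
    if profile is None:
        return "app-store-or-unsigned"
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"  # in-house profile: not tied to a device list
    if "ProvisionedDevices" in profile:
        dev = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if dev else "ad-hoc"
    return "unknown"

def make_sample_ipa(profile):
    """Constructed test input: a minimal IPA with a fake CMS wrapper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", b"")
        if profile is not None:
            wrapped = b"\x30\x82FAKE-CMS" + plistlib.dumps(profile) + b"\x00sig"
            z.writestr("Payload/Demo.app/embedded.mobileprovision", wrapped)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_sample_ipa({"TeamName": "Example Corp (constructed)",
                              "ProvisionsAllDevices": True})
    p = extract_profile(sample)
    print(classify(p), "-", p["TeamName"])
```

An "enterprise" result on a device or package that did not come from your own organization's team is the signal worth investigating; the `TeamName` field in the same profile says whose certificate was used.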
What Apple has done is to make two-factor authentication mandatory for any developer signing in. Of course, only Apple devices can be used to get the code that Apple sends to the developer, but then what else would you expect? What good does two-factor authentication do? Not much. It proves that the developer concerned actually did sign the code that is being distributed outside of the App Store. It cannot be as easily claimed that someone stole the login details.
A second, possibly more effective defence, is that companies applying for any sort of developer account now have to have a DUNS number. This basically means that Apple is using Dun & Bradstreet to verify that companies are who they say they are. As a more technological verification, they also now demand that you have a website and that its domain name has to be associated with the organization.
I wonder how long it will take to find ways round these two minor checks.
At the bottom of it all, Apple is trying to do the impossible - to make devices secure and to allow companies to freely access them.
More to the point, we need to look at the idea of "free access" to any Apple device. If an app is mission critical to your company, do you really want to give a third party - Dun & Bradstreet or Apple - the ability to pull the plug on it? It seems to me that this is corporate madness and, as Google and Facebook found out, the license can be revoked.
More Information
Fear and Loathing In The App Store
- Apple Drops Bitcoin App
- Apple Rejects App For Being Too Simple
- Banned For Life
- When Apps Vanish
- Apple Doesn't Want Amateur Hour
- Apple's Reasons For Rejection
- Google Wants Everyone To Know Where You Live
- Apple Takes Down Innovative App
- The EFF Refuses Apple's Conditions
- Firefox Gets A Walled Garden
- Apple Is Watching
- Apple Punishes IFixit
- Fear And Loathing In the App Store 13 - Apple Rejects Gravity
- Apple Rejects F.lux And It Isn't Even In The App Store!
- Apple Bans F.lux And Then Duplicates It
- App Store Income Dashed With No Appeal
- The Strange Case Of AdNauseam
- Apple Bans Templated Apps
- Apple Rejects Net Neutrality App
- Apple Stops Crypto Currency Mining App
- Oracle Owns JavaScript and Apple Pulls App
- Apple Revokes Facebook's Developer Certificate
- Is The Walled Garden About To Close Around MacOS?
- Apple Promotes Own Apps Before Yours
- Developer's Facility Used To Create Open Apple App Store
- Devs Finally Angry At Apple's App Store.
- Epic Games V Apple - Smash The App Store
- Epic Games CEO Finally Notices That UWP Apps Are A Walled Garden