11 Feb 2019

How gambling and porn apps sneak their way past Apple’s strict App Store review process

It’s not just Google and Facebook: some smaller developers are openly abusing Apple’s Enterprise Certificate program too, disguising their gambling and pornography apps as legitimate offerings meant for companies that distribute employee-only apps on App Store.

An investigation conducted by TechCrunch uncovered at least a dozen hardcore pornography apps and a dozen real-money gambling apps that have escaped Apple’s oversight.

Developers passed Apple’s weak Enterprise Certificate screening process or piggybacked on a legitimate approval, allowing them to sidestep the App Store and Apple’s traditional safeguards designed to keep iOS family friendly. Without proper oversight, they were able to operate these vice apps that blatantly flout Apple’s content policies.

While the iPhone maker appears to have disabled some of these apps in the past few days, many remain operational.

This proves further that even though Apple has done a lot to screen App Store submissions, it has also neglected its responsibility to police the Enterprise Certificate program.

Real-money gambling apps openly advertise that they have iOS versions on App Store.

As you know, the Cupertino company does not accept pornography and gambling apps. The following passage explains Apple’s failures in adequately enforcing its own Enterprise Certificate policies.

Developers simply have to fill out an online form and pay $299 to Apple, as detailed in this guide from Calvium. The form merely asks developers to pledge that they’re building an Enterprise Certificate app for internal employee-only use and that they have the legal authority to register the business, to provide a D-U-N-S business ID number, and to have an up-to-date Mac.

You can easily Google a business’ address details and look up their D-U-N-S ID number with a tool Apple provides. After setting up an Apple ID and agreeing to its terms of service, businesses wait one to four weeks for a phone call from Apple asking them to reconfirm they’ll only distribute apps internally and are authorized to represent their business.

With just a few lies on the phone and web plus some Googleable public information, sketchy developers can get approved for an Apple Enterprise Certificate.

All told, the TechCrunch investigation has uncovered “thousands of sites” offering downloads of sideloaded enterprise apps.

Using a standard un-jailbroken iPhone, TechCrunch was able to download and verify 12 pornography and 12 real-money gambling apps over the past week that were abusing Apple’s Enterprise Certificate system to offer apps prohibited from the App Store.

These apps either offered streaming or pay-per-view hardcore pornography, or allowed users to deposit, win, and withdraw real money—all of which would be prohibited if the apps were distributed through the App Store.

The editors employed to screen apps for general consumers are different from those reviewing enterprise apps, but that doesn’t explain Apple’s failure to catch and block these apps.

“Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in Facebook’s case to protect our users and their data,” Apple recently said, commenting on the fact that Facebook had been using its certificate membership to distribute a data-sucking app to unsuspecting consumers.

If appropriate, Apple continued, a developer may even get removed from Apple’s Developer Program completely as a result of their misconduct. “We are continuously evaluating the cases of misuse and are prepared to take immediate action,” it said.
