“App pirates are letting you download free versions of paid iPhone apps by taking advantage of a quirk in Apple’s iTunes approval process,” Jose Pagliery reports for CNNMoney. “The pirated app website, vShare, even works on iPhones that aren’t ‘jailbroken.’ Traditionally, the only way to install an app from outside the official app store is to jailbreak your iPhone. But vShare has figured out how to get around that, according to cybersecurity firm Proofpoint and several other researchers contacted by CNNMoney.”
“Apple lets corporations create their own internal apps for employees. If a company pays $299 per year and joins the Apple Developer Enterprise program, its apps get a special, trusted certificate. Those apps don’t make it to the official App Store, so they aren’t reviewed by Apple itself. But your iPhone is allowed to download them anyway, because Apple servers vouch for that certificate,” Pagliery reports. “According to Proofpoint, vShare pirates managed to get their hands on several Apple enterprise certificates, using them to create a vShare app. The vShare app is itself a portal to an app store of its own.”
“On vShare, the most frequently downloaded iOS apps are nearly all free, pirated versions of top paid apps on the real iTunes App Store,” Pagliery reports. “It’s unclear how many times pirated copies of games like ‘Minecraft: Pocket Edition’ or ‘Geometry Dash’ have been illegally downloaded. But those apps have been ‘liked’ by downloaders more than 1.4 million times. On Apple’s app store, Minecraft sells for $6.99, and Geometry Dash costs $1.99.”
“Proofpoint said it noticed that vShare has been cycling through four different Apple-issued certificates to pull off its feat, and Proofpoint reported the issue to Apple,” Pagliery reports. “On Tuesday night, CNNMoney was still able to download the vShare app onto an iPhone 6 running iOS 8.4, but the app was unable to install, indicating that Apple might have already revoked at least one of its certificates.”
Read more in the full article here.
MacDailyNews Take: Who knows what’s actually in those pirated games? Malware payloads? Could be anything really. It’s certainly not worth risking your personal data in order to