Pirates reportedly use Apple certs to release hacked apps on iPhone
They've put out hacked versions of Spotify, Angry Birds, Pokemon Go and Minecraft, Reuters reported.
Pirates reportedly managed to get altered versions of popular apps onto the App Store.
Pirates used Apple's enterprise developer certificates to put out hacked versions of some major apps, a report said Thursday.
The altered versions of Spotify , Angry Birds, Pokemon Go and Minecraft make paid features available for free and remove in-app ads, according to Reuters, sucking revenue away from the app developers and Apple.
For example, the pirated Spotify blocks the ads that normally play when you listen with a free subscription and you can play the altered Minecraft for free (it normally costs $7 in the App Store). Some of the pirates reportedly offer paid subscriptions that let you access more stable versions of their modified apps.
The pirates appear to have figured out how to use digital certs to get around Apple's carefully policed App Store by saying the apps will be used only by their employees, when they're actually being distributed to everyone. They even managed to get around a ban by using different certs.
Apple will reportedly take steps to fight back by requiring all app makers to use its two-factor authentication protocol from the end of February, so logging into an Apple ID will require a password and code sent to a trusted Apple device.
Apple and Spotify (which is cracking down on ad blockers) declined to comment, while the other companies alluded to their protection efforts.
"Rovio takes the protection of its intellectual property rights very seriously," a company spokesperson wrote in an emailed statement. "When we do see infringements, we work actively with our partners to take action, for the benefit of both our player community and Rovio as a business."
A Niantic spokesperson said it's "committed to maintaining the state of Pokemon Go" and its community.
"Those who violate Niantic's terms of service (including by use of unauthorized third party apps or software) may have their account banned. While we cannot discuss the systems implemented, we can confirm that we are constantly refining new ways to ensure the integrity of the game in order to keep it fun and fair for all players," it said in a statement via email.
Mojang didn't respond to a request for comment.
Last month, Apple briefly pulled enterprise certificates from both Facebook and Google after discovering that the companies used them as market research apps that gathered people's data.
First published Feb. 14 at 4:38 a.m. PT.
Updated at Feb. 18 at 7:03 a.m. PT: Adds Niantic and Rovio comment.
