Are Apple’s Apps Secure From Apple Itself?
The new iOS 14 OS version, which is still in beta, has grabbed headlines for informing users whenever an app tries to access major components of their devices or their data. From LinkedIn to Instagram, a lot of high-profile apps have faced embarrassment when users pointed out that these apps have been accessing sensitive features like the phone’s camera and clipboard data, both when the app is in use and even when it’s not in use.
This new OS version is being hailed as perhaps the biggest step in ensuring that users have control over the information they share with their apps. But what most don’t know is that, not too far from the conventional framework in which this new OS works, there is a seedy underbelly that allows app developers to completely bypass all kinds of App Store restrictions by Apple and carry on unabated with whatever they see fit.
For Just $299, You Can Bypass Apple’s App Store Restrictions Completely:
The Apple Developer Enterprise Program is a special developer’s suite available for just $299 at Apple. Notice something fishy here? Nothing, right? This developer’s suite is similar to the one offered by Apple for standard or conventional app development, i.e. the one that powers the apps that you see on Apple’s App Store. Still don’t notice anything suspicious or wrong here? This specialized developer’s suite allows developers to develop and distribute apps on iPhones without ever putting these apps through any sort of Apple App Store review. Now, this sounds really fishy, right?
Well, this developer’s suite wasn’t created by Apple to let developers pursue nefarious purposes. It was meant to allow companies either to test an app with their internal employees or to make apps for internal purposes, e.g. an app that’s for workplace use only and allows employees to order lunch in the cafeteria, utilize the firm’s shuttle service, etc.
But this developer’s suite has long been seen as one of the weakest points of Apple’s robust security mechanisms, as there have been widespread cases of it being utilized to create a dark landscape of apps for purposes like porn, gambling, etc., i.e. purposes that would never be allowed on a conventional app store.
If you are making an analogy here with the dark web, then you won’t be far off. The Enterprise program for developers has led to apps proliferating across the digital landscape that seem to undermine everything Apple stands for. Neither the purpose of the developers behind these apps nor their business model is ever clear.
You can find almost anything and everything here, if only you know where to look and how to go about using it. From “Free Spotify” to “Free Minecraft”, rip-offs of conventional apps abound on this landscape.
TutuApp – The App Store For All Free Apps With A Twist:
Want access to the free version of most paid apps just like how people search for Torrents to access pirated movies and software online? It’s easy! Side-load the TutuApp store on your iPhone.
But wait! This app store, which appears increasingly well designed, complete with a reviewing mechanism and top app recommendations just like a regular app store has, is not an “Official” app store.
TutuApp needs to be side-loaded on your iPhone, and to access most of the apps in that app store, you will be required to grant this app store permission to install an Enterprise Certificate on your iPhone. Now, they also offer you a few “numbers”, thereby sidestepping the security mechanisms Apple adopted against this kind of abuse of its developer’s suite for internal company app testing.
Some of these apps are admittedly terrible and in no way similar to the original ones they try to mimic, but the existence of such an app store and its daring ability to offer such apps is reason enough for iPhone users to be worried.
And it isn’t as if TutuApp tries to hide and you have to go into a very intense search mode to find it. It operates a very popular Twitter handle with more than 225K followers as of August 10, 2020.
The app store has some pretty creepy-looking apps like the one titled “Facebook++”. If you follow the breadcrumb trail for this app from TutuApp’s store and search for UnlimApps, i.e. the app’s developers, you will find that this app will offer you loads of features on Facebook that are not available to users of the conventional app, like removing the limit of sending 6 or fewer photos in one message, disabling read receipts, disabling typing receipts, etc.
This might appear interesting to you, but don’t go about downloading it or any other apps at all on TutuApp for just one reason, i.e. you don’t know what these apps track and how exactly they intend to make money from you. In short, none of these apps on TutuApp are trustworthy at all, but they are still there, operating in plain sight and probably siphoning valuable data from millions of user devices even right now.
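For defenders, such as administrators of managed devices, the distribution channel of an app can be read from the provisioning profile it ships with. The following is an added example, not part of the original article: it assumes the app bundle contains an `embedded.mobileprovision` file and relies on the `ProvisionsAllDevices`, `ProvisionedDevices` and `get-task-allow` profile keys. The sample profiles, team names and the `wrap` helper are constructed for illustration, and the profile signature is not verified.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the plist carried inside an embedded.mobileprovision blob.

    The file is a CMS-signed envelope with the XML plist stored in the clear,
    so it is located by its markers. The signature is NOT verified here.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start == -1 or end == -1:
        raise ValueError("no provisioning plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map a profile to its distribution channel."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"  # in-house: installs on any device, no App Store review
    if "ProvisionedDevices" in profile:  # bound to a fixed list of device UDIDs
        debug = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debug else "ad-hoc"
    return "app-store"

def report(blob: bytes) -> dict:
    """Summarise a profile and flag enterprise-signed apps for manual review."""
    profile = extract_profile(blob)
    kind = classify(profile)
    return {"kind": kind,
            "team": profile.get("TeamName"),
            "flag_for_review": kind == "enterprise"}

def wrap(profile: dict) -> bytes:
    """Constructed stand-in for the CMS envelope (not a real signature)."""
    return (b"\x30\x82\x00\x00" + b"constructed-header"
            + plistlib.dumps(profile) + b"constructed-signature")

# Constructed sample profiles; names and UDIDs are placeholders.
ENTERPRISE = wrap({"Name": "In-House Distribution",
                   "TeamName": "Example Holdings Ltd",
                   "ProvisionsAllDevices": True,
                   "Entitlements": {"get-task-allow": False}})
AD_HOC = wrap({"Name": "QA Build", "TeamName": "Example Studio",
               "ProvisionedDevices": ["0000-PLACEHOLDER-UDID"],
               "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for blob in (ENTERPRISE, AD_HOC):
        print(report(blob))
```

An enterprise result where the team name has no relation to the organization that manages the device is the case worth a closer look.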
Has Apple Done Anything To Stop This Abuse?
When iPhones first came around, jailbreaking instantly became popular as a way of using apps that weren’t available on Apple’s App Store. But with time, jailbreaking became less and less potent, not because it could allow you to side-load apps, but because going down that route meant forgoing access to Apple’s whole ecosystem.
To jailbreak your iPhone, you effectively had to install an altered version of the iOS you were currently using. Apple’s walled garden approach, where all kinds of services like the conventional app store, data storage in iCloud, etc. that are vital to iPhone users are present, stopped users from going down the jailbreak route.
However, the Apple Enterprise Developer Program and the seedy underbelly of apps it inadvertently allows to flourish are not that easy for Apple to control.
Apple did impose a lot of restrictions on using the Enterprise Developer Program once stories about it were broken last year by the likes of Reuters. These restrictions included adding two-factor authentication to use the apps created through this developer’s suite and the requirement for the firm to be a registered legal entity, among others.
On the face of it, these restrictions seem good enough to deter such widespread abuse of the Enterprise developer’s suite. But the presence of cases where dubious apps were found to be linked with legitimate companies that had absolutely no purpose in building them, or even in being related to app development and testing, and the continued operation of dubious app stores like TutuApp signify that these restrictions don’t do much to deter such malicious app developers from operating.
It seems that as long as this Enterprise Developer’s Suite is available to firms for internal company use, these apps and app stores will continue to find a way to sidestep Apple’s restrictions and leverage the Enterprise certificate issued to them to run their operations.
As for the question of whether Apple’s apps are secure from Apple itself, the answer lies in Apple’s inability, so far, to introduce a system outside of its conventional app development environment that stems the development and distribution of seedy iOS apps and guarantees user privacy on all fronts for those using Apple’s devices and its proprietary OS.
Jane Collen is an author for various top publications on topics related to app development, tech industry trends, digital security, and video marketing. She currently is working as a content consultant with an iOS app development company based in the USA. Her personal interests include investigating the unconventional practices in the digital world, connecting with top authors and influencers and reading up on the challenges of industry 4.0.