Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Porn and gambling apps abuse Apple's Enterprise Certificates process to avoid App Store rules

Apps providing access to pornography abuse Apple's Enterprise Certificates program (via TechCrunch)

Major tech companies like Facebook and Google are not the only ones taking advantage of Apple's Enterprise Certificate program, as a report has discovered apps dedicated to pornography and gambling are using the system to bypass Apple's App Store content guidelines.

Apple's offering of the Enterprise Certificate program to allow companies to issue apps to employees gives firms an easy way to distribute apps without passing through all of Apple's public processes. The system, however, is still being abused by companies that would not normally appear in the App Store due to the services they provide.

An investigation by TechCrunch reveals there are numerous apps that have sidestepped the App Store approval process, by going through the Enterprise Certificate program instead. By going around, the apps, which offer services ranging from porn to gambling, don't have to abide by the App Store rules, which would instantly have turned them down.

The investigation also notes that, while it is possible to set up the Enterprise Certificate with genuine data, some entities are going further and are taking advantage of the relatively relaxed process to join the program to hide their identity, by using another firm's details. The form requires data that is easily found on Google, such as a business address, as well as a D-U-N-S ID number via an Apple-supplied tool that can also be used to discover one used by a legitimate company.

In the investigation, it was found that 12 porn and 12 real-money gambling apps using the Enterprise Certificate process were able to be installed onto a standard un-jailbroken iPhone. Both forms of apps are banned under the App Store guidelines.

An Apple statement advises "Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action."

The discovery follows reports Facebook and Google both abused the same certificates process to provide apps to end users that were not strictly allowed under the App Store rules. Both firms found their access revoked then restored, with Facebook seemingly affected more than expected by Apple's quick culling of access due to all legitimate internal apps being disabled at the same time.