Word of a fairly well known pirated app service called vShare hit mainstream media outlets on Wednesday as part of a CNNMoney feature, which said the nefarious firm leverages Apple's own enterprise tools to distribute free versions of top paid iOS titles without requiring a jailbreak.
Thought to be run by Chinese owners located in Shanghai, the vShare App Market has officially been in operation since 2011 and is recognized in some jailbreaking circles as a go-to source for free apps. The service recently gained notoriety for compatibility with non-jailbroken iPhones and iPads running iOS 8 and above.
Like other recent pirated app services, vShare is built on Apple's enterprise licensing technology. Designed for corporations or other entities with large iOS device deployments, Apple Developer Enterprise certificates allow license holders to provision their own apps for internal distribution and download.
In the case of vShare, the service used purchased certificates to create a trusted app, available for download via the Web, that acts as a its own illegitimate app store. Security researchers at Proofpoint told CNNMoney that vShare obtained four Apple Developer Enterprise certificates to accomplish the task. Proofpoint has informed Apple of its findings.
As of this writing, attempts to install the vShare app on devices running iOS 8 or iOS 9 proved unsuccessful, suggesting Apple has revoked one or all of vShare's provisioned certificates.
vShare's impact on legitimate app sales is unknown, but today's report notes popular titles like Minecraft: Pocket Edition and Geometry Dash have been "liked" by more than 1.4 million downloaders.
Interestingly, vShare's terms of use includes a disclaimer regarding intellectual property rights, which notes the service will remove any app found to be in infringement of owned properties if provided with appropriate documentation. The terms also state, however, that vShare "assumes no responsibility for monitoring the Service."
25 Comments
Glad to see its been blocked. Disgusting thieves.
This is such a ridiculous method to try and distribute Apps. Apple can revoke enterprise certificates immediately upon discovering them effectively shutting down the service.
How would a site get word out to potential customers to download Apps without word getting back to Apple about a certificate being abused?
One should never use a different app store, it can only lead to trouble, malware and other security issues. I don't understand that people want to go that way. Even on Android where a single app store is not enforced, it is a bad idea to use an alternative app store.