Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Porn and gambling apps abuse Apple's Enterprise Certificates process to avoid App Store rules

Apps providing access to pornography abuse Apple's Enterprise Certificates program (via TechCrunch)

Last updated

Major tech companies like Facebook and Google are not the only ones taking advantage of Apple's Enterprise Certificate program, as a report has discovered apps dedicated to pornography and gambling are using the system to bypass Apple's App Store content guidelines.

Apple's offering of the Enterprise Certificate program to allow companies to issue apps to employees gives firms an easy way to distribute apps without passing through all of Apple's public processes. The system, however, is still being abused by companies that would not normally appear in the App Store due to the services they provide.

An investigation by TechCrunch reveals there are numerous apps that have sidestepped the App Store approval process, by going through the Enterprise Certificate program instead. By going around, the apps, which offer services ranging from porn to gambling, don't have to abide by the App Store rules, which would instantly have turned them down.

The investigation also notes that, while it is possible to set up the Enterprise Certificate with genuine data, some entities are going further and are taking advantage of the relatively relaxed process to join the program to hide their identity, by using another firm's details. The form requires data that is easily found on Google, such as a business address, as well as a D-U-N-S ID number via an Apple-supplied tool that can also be used to discover one used by a legitimate company.

In the investigation, it was found that 12 porn and 12 real-money gambling apps using the Enterprise Certificate process were able to be installed onto a standard un-jailbroken iPhone. Both forms of apps are banned under the App Store guidelines.

An Apple statement advises "Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action."

The discovery follows reports Facebook and Google both abused the same certificates process to provide apps to end users that were not strictly allowed under the App Store rules. Both firms found their access revoked then restored, with Facebook seemingly affected more than expected by Apple's quick culling of access due to all legitimate internal apps being disabled at the same time.



13 Comments

ericthehalfbee 13 Years · 4489 comments

And now they’ll have their certificates revoked.

Not much Apple can do about this except to revoke certificates and permanently ban the company as soon as they spot a violation.

ols 6 Years · 51 comments

By all means i like to see these companies removed from any apple device, period.

I wonder why some companies get their certificates revoked like forever and other companies like google and Facebook get theirs reinstated?

macky the macky 15 Years · 4801 comments

We need to know what apps are falling afoul Apple’s guidelines...for scientific reasons, of course...

boltsfan17 12 Years · 2294 comments

We need to know what apps are falling afoul Apple’s guidelines...for scientific reasons, of course...

Haha...for scientific purposes I searched for the app (PPAV) that's shown in the article but didn't find it. Must only be available in China. 

anome 16 Years · 1545 comments

I've never been a fan of the "no 'adult' content" rule for iOS, but it's Apple's store they can make whatever rules they want. (And, IMO, no rude stuff isn't enough to switch to Android.) And if these apps are in violation of their Enterprise Certificate rules, then they should be revoked.

So how does this affect the apps that are basic content viewers, but are being advertised as being ways to access "adult" content? Are they using Enterprise Certificates, or just being vague enough to skirt the content policies? (I wouldn't know, I've never downloaded any of them.)