appleinsider logo
Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple updates enterprise certificate rules to curb abusive apps

Google's Screenwise Meter, an app that took advantage of Apple's enterprise certificates' relaxed rules.

Apple has changed its rules governing the use of enterprise certificates by developers, giving it the ability to review apps under the scheme at any time and without warning, in order to prevent abuse of the program to circumvent the App Store's rules.

From the start of 2019, Apple was embarrassed by a series of issues relating to its enterprise developer certificates, which are meant to be used for internal apps within a company that are not meant to be distributed to consumers. The enterprise certificates enable apps to be sideloaded onto iOS devices like iPhones and iPads rather than through the App Store, including apps that have features that are not permitted on the App Store at all.

However, following the existence of apps from Facebook and Google that took advantage of the deeper access of the certificates to iOS functions and distributing them out to the public, as well as some unscrupulous developers using it to offer gambling and adult apps to consumers away from the App Store, Apple has decided to take action to curb these instances.

Under the new rules, revealed ahead of WWDC by developer Steve Moser in a now-deleted tweet uncovered by The Verge, the "Terms and Conditions" adds language enabling Apple to perform a more thorough review of questionable apps when it is made aware of their existence.

"You understand that Apple reserves the right to review and approve or reject any internal use application that you would like to deploy, at any time during the term of this agreement," the rules state. "If requested by Apple, you agree to fully cooperate with Apple and promptly provide such internal use application for such review."

In short, Apple can review to approve and reject any app at any moment, developers must cooperate with Apple during such reviews, and the developer must remove the app if it is rejected.

The addition of the new rules and the demand to remove apps deemed unworthy by Apple is likely a measure to avoid having to revoke an organization's certificate in its entirety. In the case of Facebook, Apple pulled the certificate due to one app using it being distributed to the public, but the action also deactivated all legitimate iOS apps using the certificate that the social network was using internally.