
Apple updates enterprise certificate rules to curb abusive apps

Google's Screenwise Meter, an app that took advantage of Apple's enterprise certificates' relaxed rules.

Apple has changed its rules governing the use of enterprise certificates by developers, giving it the ability to review apps under the scheme at any time and without warning, in order to prevent abuse of the program to circumvent the App Store's rules.

From the start of 2019, Apple was embarrassed by a series of issues relating to its enterprise developer certificates, which are meant to be used for internal apps within a company that are not meant to be distributed to consumers. The enterprise certificates enable apps to be sideloaded onto iOS devices like iPhones and iPads rather than through the App Store, including apps that have features that are not permitted on the App Store at all.

However, after Facebook and Google were found to be using the certificates' deeper access to iOS functions in apps they distributed to the public, and some unscrupulous developers used the program to offer gambling and adult apps to consumers outside the App Store, Apple has decided to take action to curb these instances.

Under the new rules, revealed ahead of WWDC by developer Steve Moser in a now-deleted tweet uncovered by The Verge, the "Terms and Conditions" adds language enabling Apple to perform a more thorough review of questionable apps when it is made aware of their existence.

"You understand that Apple reserves the right to review and approve or reject any internal use application that you would like to deploy, at any time during the term of this agreement," the rules state. "If requested by Apple, you agree to fully cooperate with Apple and promptly provide such internal use application for such review."

In short, Apple can review and approve or reject any app at any moment, developers must cooperate with Apple during such reviews, and the developer must remove the app if it is rejected.

The addition of the new rules and the demand to remove apps deemed unworthy by Apple is likely a measure to avoid having to revoke an organization's certificate in its entirety. In the case of Facebook, Apple pulled the certificate due to one app using it being distributed to the public, but the action also deactivated all legitimate iOS apps using the certificate that the social network was using internally.



5 Comments

silverwarloc 6 Years · 26 comments

Facebook and Google will just find another way of circumventing these rules....cat, meet mouse.

genovelle 16 Years · 1481 comments

Facebook and Google will just find another way of circumventing these rules....cat, meet mouse.

Sounds pretty solid to me. If they find an app with questionable activity the requirement to cooperate with investigating its actual use and the ability to require its removal or face account lockdown should cover an attempt to circumvent. And now that they are finally under the spotlight for invading privacy by the public, they will hopefully avoid the temptation.

mac_dog 16 Years · 1084 comments

And they (Apple) should revoke their certificate indefinitely if any company willfully violates the terms.

mr lizard 15 Years · 354 comments

Seems very nice of them. I think it would have been better to keep the status quo; if a developer abuses certs in the way Facebook did, pull the entire certificate. If that completely downs an organisation's internal apps then so be it. Actions and consequences.

nilokmo 1 Year · 1 comment

Now the enterprise account is not good to apply, many people do not have this kind of account, we are looking forward to buy iOS enterprise account, the enterprise program in principle can let a lot of people (no limit) inside the company to use, while the iOS developer program can be published to the public.