UPDATED 02:18 EST / DECEMBER 24 2015


Pirated app marketplace vShare uses Apple enterprise tools to let users install fake iOS apps

A report Wednesday revealed how a pirated app website called vShare uses stolen Apple enterprise certificates to allow its users to install free versions of top-paid iOS apps.

vShare, in operation since 2011 and based in Shanghai, according to public records, is an app market that claims to offer “massive genuine applications free to download” for both Android and iOS. Like pirated app services that have gone before it, vShare makes use of pirated enterprise certificates issued to apps via the Apple Developer Enterprise program to allow users to access its own app market and download apps without the need to first jailbreak their iOS device.

Apple issues enterprise certificates to companies that develop and deploy their own iOS apps for internal use, allowing them to bypass the normal iTunes App Store approval process and allowing employees to install enterprise apps from outside the official iTunes App Store.

Proofpoint, a California-based cybersecurity firm, told CNNMoney that vShare obtained at least four enterprise certificates and used them to sign its own vShare app. The vShare app, once installed on an iOS device, then acts as a portal to the company’s illegal app market.

Proofpoint said it had informed Apple of its findings, and attempts by CNNMoney to install the vShare app on Tuesday failed, indicating that Apple may have already revoked some, if not all, of the stolen enterprise certificates used by the service.

Despite the website’s claim of providing “genuine” apps, iOS apps available through the vShare marketplace are mostly free, pirated versions or straight copies of popular paid iOS apps available via the iTunes App Store. Specific download numbers are not available, but copies of popular iOS games like Minecraft: Pocket Edition and Geometry Dash have been “liked” by more than 1.4 million downloaders, all of whom got the games for free. On the iTunes App Store, Minecraft sells for $6.99, and Geometry Dash goes for $1.99.

Loss of revenue to legitimate app owners aside, installing apps from unofficial marketplaces potentially leaves smartphone users vulnerable to any number of security risks. Although a security researcher at Palo Alto Networks who investigated vShare in 2014 found no evidence of malware in the service’s pirated apps, these copied apps do not undergo the same checks for malicious code as apps in official app stores do; therefore, the potential for hackers to distribute malware exists.

Screenshot: SiliconANGLE via vShare
