

A report Wednesday revealed how a pirated app website called vShare uses stolen Apple enterprise certificates to allow its users to install free versions of top-paid iOS apps.
vShare, in operation since 2011 and based in Shanghai, according to public records, is an app market that claims to offer “massive genuine applications free to download” for both Android and iOS. Like pirated app services that have gone before it, vShare makes use of pirated enterprise certificates issued to apps via the Apple Developer Enterprise program to allow users to access its own app market and download apps without the need to first jailbreak their iOS device.
Apple issues enterprise certificates to companies that develop and deploy their own iOS apps for internal use, allowing them to bypass the normal iTunes App Store approval process and allowing employees to install enterprise apps from outside the official iTunes App Store.
Proofpoint, a Calif.-based cybersecurity firm, told CNNMoney that vShare obtained at least four enterprise certificates and used them to sign its own vShare app. The vShare app, once installed on an iOS device, then acts as a portal to the company’s illegal app market.
Proofpoint said it had informed Apple of its findings and attempts by CNNMoney to install the vShare app on Tuesday failed, indicating that Apple may have already revoked some, if not all, of the stolen enterprise certificates used by the service.
Despite the website’s claim of providing “genuine” apps, iOS apps available through the vShare marketplace are mostly free, pirated versions or straight copies of popular paid iOS apps available via the iTunes App Store. Specific download numbers are not available, but copies of popular iOS games like Minecraft: Pocket Edition and Geometry Dash have been “liked” by more than 1.4 million downloaders, all of whom got the games for free. On the iTunes App Store, Minecraft sells for $6.99, and Geometry Dash goes for $1.99.
Loss of revenue to legitimate app owners aside, installing apps from unofficial marketplaces potentially leaves smartphone users vulnerable to any number of security risks. Although a security researcher at Palo Alto Networks who investigated vShare in 2014 found no evidence of malware in the service’s pirated apps, these copied apps do not undergo the same checks for malicious code as apps in official app stores do; therefore, the potential for hackers to distribute malware exists.
THANK YOU