NEWS
NEWS
NEWS
Pirated app marketplace vShare uses Apple enterprise tools to let users install fake iOS apps
A report Wednesday revealed how a pirated app website called vShare uses stolen Apple enterprise certificates to allow its users to install free versions of top-paid iOS apps.
vShare, in operation since 2011 and based in Shanghai, according to public records, is an app market that claims to offer “massive genuine applications free to download” for both Android and iOS. Like pirated app services that have gone before it, vShare makes use of pirated enterprise certificates issued to apps via the Apple Developer Enterprise program to allow users to access its own app market and download apps without the need to first jailbreak their iOS device.
Apple issues enterprise certificates to companies that develop and deploy their own iOS apps for internal use, allowing them to bypass the normal iTunes App Store approval process and allowing employees to install enterprise apps from outside the official iTunes App Store.
Proofpoint, a Calif.-based cybersecurity firm, told CNNMoney that vShare obtained at least four enterprise certificates and used them to sign its own vShare app. The vShare app, once installed on an iOS device, then acts as a portal to the company’s illegal app market.
Proofpoint said it had informed Apple of its findings and attempts by CNNMoney to install the vShare app on Tuesday failed, indicating that Apple may have already revoked some, if not all, of the stolen enterprise certificates used by the service.
Despite the website’s claim of providing “genuine” apps, iOS apps available through the vShare marketplace are mostly free, pirated versions or straight copies of popular paid iOS apps available via the iTunes App Store. Specific download numbers are not available, but copies of popular iOS games like Minecraft: Pocket Edition and Geometry Dash have been “liked” by more than 1.4 million downloaders, all of whom got the games for free. On the iTunes App Store, Minecraft sells for $6.99, and Geometry Dash goes for $1.99.
Loss of revenue to legitimate app owners aside, installing apps from unofficial marketplaces potentially leaves smartphone users vulnerable to any number of security risks. Although a security researcher at Palo Alto Networks who investigated vShare in 2014 found no evidence of malware in the service’s pirated apps, these copied apps do not undergo the same checks for malicious code as apps in official app stores do; therefore, the potential for hackers to distribute malware exists.
Screenshot: SiliconANGLE via vShare
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
