UPDATED 02:18 EDT / DECEMBER 24 2015

NEWS

Pirated app marketplace vShare uses Apple enterprise tools to let users install fake iOS apps

A report Wednesday revealed how a pirated app website called vShare uses stolen Apple enterprise certificates to allow its users to install free versions of top-paid iOS apps.

vShare, in operation since 2011 and based in Shanghai, according to public records, is an app market that claims to offer “massive genuine applications free to download” for both Android and iOS. Like pirated app services that have gone before it, vShare makes use of pirated enterprise certificates issued to apps via the Apple Developer Enterprise program to allow users to access its own app market and download apps without the need to first jailbreak their iOS device.

Apple issues enterprise certificates to companies that develop and deploy their own iOS apps for internal use, allowing them to bypass the normal iTunes App Store approval process and allowing employees to install enterprise apps from outside the official iTunes App Store.

Proofpoint, a Calif.-based cybersecurity firm, told CNNMoney that vShare obtained at least four enterprise certificates and used them to sign its own vShare app. The vShare app, once installed on an iOS device, then acts as a portal to the company’s illegal app market.

Proofpoint said it had informed Apple of its findings and attempts by CNNMoney to install the vShare app on Tuesday failed, indicating that Apple may have already revoked some, if not all, of the stolen enterprise certificates used by the service.

Despite the website’s claim of providing “genuine” apps, iOS apps available through the vShare marketplace are mostly free, pirated versions or straight copies of popular paid iOS apps available via the iTunes App Store. Specific download numbers are not available, but copies of popular iOS games like Minecraft: Pocket Edition and Geometry Dash have been “liked” by more than 1.4 million downloaders, all of whom got the games for free. On the iTunes App Store, Minecraft sells for $6.99, and Geometry Dash goes for $1.99.

Loss of revenue to legitimate app owners aside, installing apps from unofficial marketplaces potentially leaves smartphone users vulnerable to any number of security risks. Although a security researcher at Palo Alto Networks who investigated vShare in 2014 found no evidence of malware in the service’s pirated apps, these copied apps do not undergo the same checks for malicious code as apps in official app stores do; therefore, the potential for hackers to distribute malware exists.

Screenshot: SiliconANGLE via vShare

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU