EghtesadOnline: Apple Inc. crackdown on misuse of its enterprise developer certificates has taken a toll on Iranian startups offering services through iOS apps.
On early Tuesday, Apple suspended iOS distribution certificates of numerous Iranian app developers. Following the move, access to over 20 locally-developed iOS apps were blocked, including mobile banking, shopping, and ride-hailing services.
Some of the services impacted by the move are ride-hailing apps Snapp and Tap30, along with mobile banking apps of numerous Iranian fintechs and banks.
This is not the first time that Iranian iOS apps are rendered useless due to the sudden decisions made by Apple, Financial Tribune reported.
In previous cases, online Iranian companies were singled out by the firm to enforce the US sanctions against Iran. However, this time several Chinese Internet-based services have also been affected.
On Feb. 14 Reuters published a story ‘Software pirates use Apple tech to put hacked apps on iPhones’, according to which, software pirates hijacked technology designed by Apple to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones.
Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to get access to a program Apple introduced to let corporations distribute business apps to their employees without going through Apple’s tightly controlled App Store.
The same way was used by Iranian app developers to distribute their products. Due to the US restrictions, Iranian companies cannot publish their products via normal channels defined by Apple.
Apple did not respond to requests for comment made by Financial Tribune since Friday.
In February an Apple spokesperson told Reuters, “Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely… We are continuously evaluating the cases of misuse and are prepared to take immediate action.”
The American company confirmed that it will require two-factor authentication - using a code sent to a phone as well as a password - to log into all developer accounts by the end of the month, which could help prevent certificate misuse.