Ne’er-do-wells are spreading dodgy versions of popular iOS apps to iPhone users using a loophole in Apple’s developer programme, according to Reuters.
The apps are reportedly being sent out by “illicit software distributors” using bogus digital certificates – electronic trust signs that devices use to identify different types of software and applications.
The bug reportedly grants them access to a developer/enterprise feature designed to make it easier for businesses to install custom apps on iPhones.
Reuters claimed it found numerous distributors, including TutuApp, Panda Helper, AppValley and TweakBox, using the technique to send out modified versions of the popular apps Spotify, Angry Birds, Pokemon Go and Minecraft.
The apps weren’t listed as being directly malicious. Reuters said they are modified versions designed to offer extra services to consumers, such as removing ads, circumventing micro-transactions and adding cheats.
Jarno Niemela, principal researcher at F-Secure, told Trusted Reviews that there was no immediate danger to consumers who only use the official app store, but added that hackers have in the past used similar loopholes to spy on smartphone users.
“Developer certificates have been previously used for installing spying tools on the device. Using developer certificates for privacy is something that we have been expecting, but not spoken about so we don’t give anyone ideas. Nokia Symbian used to have the same issue back in the days, so this is not unexpected,” he said.
“If you don’t install pirated apps, these certificates do not end up on your phone. However, if you do, you are at the pirate’s tender mercies, as there is no telling what has been embedded into those pirated apps. Of course, even with developer certificates, the pirated apps are still bound by iOS general platform security. So there are limits on what they can do.”
Apple had not responded to Trusted Reviews’ request for comment on the report, but Reuters reported the company had tried and failed to stop the apps being distributed.