It is unclear how much revenue the pirate distributors are siphoning away from Apple and legitimate app makers.
Source: Software pirates use Apple tech to put hacked apps on iPhones | Reuters
It’s taken a long time and another massive Facebook privacy scandal for the news media to discover this underbelly of hacked apps chugging along happily due to Apple’s Enterprise Apps program.
I’ve used one on and off – Instagram++
I must say, it’s a liberating experience – I see no ads on Instagram, I see no random “Suggested Friends to Follow” crap.
I had to resort to this because my Instagram experience is vastly worse off than my wife’s and my friends’. I see, on average, 3x more ads on Instagram than others around me. How many ads does my wife see? None.
So to my mind, using Instagram++ makes perfect sense. If I can hack my way to a better UX, why shouldn’t I? It’s the same as using an adblocker.
I don’t support piracy of services. There’s no legit reason to not pay for Spotify.
As for hacked games, well, cheats and hacks have always existed, and will continue to exist, despite the alarmed voice of this Reuters article.
Also, the article got one thing wrong – I’ve observed Apple kick out the Enterprise cert almost once a month, sometimes two or three times a month. They seem to make it sound as if Reuters alerting Apple was the only thing that forced Apple into action.
They’re very much aware of the problem and can’t or won’t do much about it. Talking about it as if it’s the end of the App Store is just noise.
As for how much revenue these services generate? Not close to enough. They do seem to have a comfortable existence, and so might be able to get around Apple’s 2FA proposal by just buying a bunch of phone numbers in China. But do they run a massive profit? You bet that if they did, Apple would be all over them.
This is the same as the jailbreak community in some senses – only a small percentage of users are actually trusting these services not to misuse the extensive powers that Enterprise certs give them. Out of that small percentage, a further small percent is paying for it.
It’s sad that large companies like Facebook pulling the shit that they do often also bring to light little players that are just trying to provide a good service to users.
Now, the technical aspect of this – Instagram++ is available online for download as an IPA if you want to use your own developer account. If you don’t have a dev account, Apple now allows side-loading, but it is a cumbersome process that expires after 7 days. Apple’s earlier sideloading used to be 30 days. When Apple made it free for everyone to sideload (not just if you’re a $99/year paying developer), they reduced the time frame of the cert to 7 days, which in my mind is a total d*ck move.
If Apple really wants to combat Enterprise cert misuse while letting users do whatever they want with their systems, they can just legitimize sideloading and let me choose when my cert would expire, but Apple isn’t that generous.
Till a good solution presents itself, services like TweakBox, Tutu, and AppValley will continue to operate by hook or by crook. So be it.