undefined | Better HN

0 pointsidunno24612y ago0 comments

They're using MacBuildServer, which provisions it with its own enterprise account, which is against ToS and I would expect macbuildserver's public provisioning to get shut down and the profile revoked

0 comments

12 comments · 3 top-level

jeiting12y ago· 5 in thread

Yeah, this is blatant abuse of the enterprise certificate program. This kind of activity sucks for those of us that use the enterprise signing cert for legitimate purposes.

Dylan1680712y ago

This is definitely an abuse of the program, but it hurts to see you use the word 'legitimate' to mean 'apple-sanctioned'. They're not tricking anyone, just letting people install custom apps without paying apple a huge* developer fee.

*$100 is more or less acceptable, $100 per year for revocable permission to compile is awful

peterkelly12y ago

> $100 per year for revocable permission to compile is awful

If you're making any kind of serious money on the app store, this cost is practically nothing. Maybe 2-4 hours of your time, tops.

Think about how much the Macbook Pro you use to develop on costs.

1 more reply

mikeash12y ago

"They're not tricking anyone"

Don't forget Apple. They told Apple that they would not use this key in certain ways, even though they do.

I don't see the problem with calling this "illegitimate". Jailbreaking so you can sideload apps is legitimate. Somehow cracking Apple's verification so you can sign apps without their involvement would be legitimate. But signing up for an enterprise account and then using the keys they give you as part of that in ways they tell you not to is, I think, legitimately illegitimate (ahem).

1 more reply

glhaynes12y ago

Check what "legitimate" means.

1 more reply

pbsdp12y ago

To be granted an enterprise or standard developer signing certificate, you must agree to a contract that stipulates the valid uses of that certificate.

I think it's reasonable to call blatant disregard for contractual obligations "illegitimate".

mikehotel12y ago· 2 in thread

MacBuildServer created at least one of the certs they use for signing inhouse/universal distribution apps on 2013-05-15T16:48:45Z, and it has not yet been revoked. If it does get revoked, they can just remove that part of their service, and continue to allow people to upload their certs, keys and provisioning profiles for building server side. (o.O)

Once MBS becomes more popular, Apple will have to react to prevent others from abusing this. This is the first real test I can recall of their enforcement policy. Honestly, I can't see any enterprises that rely on iOS internally risking TOS violations in a similar public manner even if Apple decides not to enforce TOS with MBS.

idunno246OP12y ago

Yep, it's just this one feature, the rest of the build service is safe, and potentially cool from a features standpoint. I assume the fear is it would be fairly trivial to add an app store on top of this.

mikehotel12y ago

Right, that is the fear, and I think Apple may only act if the competing App Store is affecting their bottom line via lost revenue. But who would build something like this knowing Apple can shutdown their business at any time?

Cydia is the only real competing appstore I am aware of, and they are relying on iOS bugs that Apple keeps patching.

blairbeckwith12y ago· 2 in thread

Are there any other examples of apps that would normally be forbidden in the App Store that can be installed in this way?

sorghum12y ago

Yeah, Apple also bans tethering/proxy apps as well as anything related to P2P.

jcl12y ago

I would imagine you could install Gnu GO, VLC, or any other GPL software that has been removed from the App Store.

j / k navigate · click thread line to collapse

0 comments

12 comments · 3 top-level

jeiting12y ago· 5 in thread

Yeah, this is blatant abuse of the enterprise certificate program. This kind of activity sucks for those of us that use the enterprise signing cert for legitimate purposes.

Dylan1680712y ago

*$100 is more or less acceptable, $100 per year for revocable permission to compile is awful

peterkelly12y ago

> $100 per year for revocable permission to compile is awful

If you're making any kind of serious money on the app store, this cost is practically nothing. Maybe 2-4 hours of your time, tops.

Think about how much the Macbook Pro you use to develop on costs.

1 more reply

mikeash12y ago

"They're not tricking anyone"

Don't forget Apple. They told Apple that they would not use this key in certain ways, even though they do.

1 more reply

glhaynes12y ago

Check what "legitimate" means.

1 more reply

pbsdp12y ago

To be granted an enterprise or standard developer signing certificate, you must agree to a contract that stipulates the valid uses of that certificate.

I think it's reasonable to call blatant disregard for contractual obligations "illegitimate".

mikehotel12y ago· 2 in thread

idunno246OP12y ago

mikehotel12y ago

Cydia is the only real competing appstore I am aware of, and they are relying on iOS bugs that Apple keeps patching.

blairbeckwith12y ago· 2 in thread

Are there any other examples of apps that would normally be forbidden in the App Store that can be installed in this way?

sorghum12y ago

Yeah, Apple also bans tethering/proxy apps as well as anything related to P2P.

jcl12y ago

I would imagine you could install Gnu GO, VLC, or any other GPL software that has been removed from the App Store.

j / k navigate · click thread line to collapse