Beginning February 27, Apple intends to make two-factor authentication mandatory for developers. Here’s how this will affect signing services that rely on enterprise certificates to distribute hacked applications.
2FA to soon become mandatory for developers
Two-factor authentication will soon become mandatory for developers enrolled in the Apple Developer Program.
Beginning from the end of this month, all developer accounts must activate the two-factor authentication feature.
According to a media report that Apple sent to developers, 2FA will prevent certificate misuse and keep hackers from gaining access to sensitive information.
The upcoming two-factor authentication aimed at developers will in no way differ from the one used by regular users.
After activating 2FA, developers will require a password and a six-digit code to log in to their accounts. This secret six-digit code is generated by Apple’s servers and instantly sent as a message to a trusted Apple device.
This feature will make it more difficult to share developer accounts with other users just by sharing a password.
How will 2FA affect third-party signing services?
Developers enrolled in Apple’s developer program, thanks to their developer certificate, aren’t limited to installing just three third-party apps.
Signing services like TutuApp, AppValley, and Panda Helper exploit this loophole and distribute hacked applications to a large number of users for free.
With the introduction of 2FA, users will also need to enter a password before installing apps.
This requirement will affect the ability of signing services to freely distribute apps and might even kill the sideloading scene altogether.
We don’t know how fierce Apple’s crackdown on signing services will be but one thing is clear – Apple means business.
The sideloading scene is expected to change drastically in the near future.
So, how are you preparing for the looming app-ocalypse? Let us know in the comments section below.
This is not accurate. This is what actually is going to happen. Signing services must sign in to sign an app with an enterprise certificate. The account they sign in to must be the one that is registered with the enterprise certificate. In the past, all they needed was the email and password, so it was easy to buy access to an account with an enterprise certificate. Now when they buy an account and log in to sign the apps, they must enter that 6-digit code. This is an issue as they most likely don’t have the device the account is linked with. That is all that is changing. Users will not need a code to download apps. This will not end signing services either. It will just be a little harder to obtain enterprise certificates but definitely not impossible.