From: Eric Friedman
To: Payam Mirasnal
ce: Tyler Stand [en zac Tracy Pimack 1
Steve Gediarl | ef Robbin Gavin Shearer |
acc:
Subject: Re: Black Market App Store Follow-up
Attachments:
sent: 071112014 10:55:03 PM 0000 GMT)
1 was finally abe to and a meeting vith iin abou this on Monday morning. Ivan and il make the case for doing exact
hat you propose.
On Jul 11, 2014, at 3:39 PM, Payam Mireshici NY ~ t=:
Its just nuts that we don't regulate those certificates better. This is represents a huge
outflow of revenue that would otherwise be coming to apple.
On Jul 11,2014, at 14:29, Eric Friedman < | NN > vote
Get an enterprise profile and use it to sign apps. You can redistribute the entire store
if you're able to convince your customers to install and trust your certificate, which
millions of people are apparently willing to do.
See attached screenshot of the one that Ben Liaw produced when he ran through it
for us.
The issue is that the bar to obtain an EPP cert is far too low and while we can
terminate abused profiles, they can simply deploy ten others just like it. Once
installed, the apps remain good forever, even if the EPP cert is invalidated.
We've identified short term and long term mitigation strategies but need help getting
them implemented, as they cut across Phil, Eddy, and Craig's worlds.
| <CodiingMoth Extract key.zip>
| On Jul 11,2014, at 2:22 PM, Tyler Strand <> vote
PX-0256.1
CONFIDENTIAL APL-APPSTORE_ 02848634