Are unlisted apps a threat?
Apple will allow unlisted apps to be featured in its App Store, discoverable only by a direct link. Find out what security and brand protection issues your brand has to look out for.
Apple has announced a new feature for developers: from now on, the tech giant will allow unlisted apps to be featured in its App Store.
Apps are considered unlisted when they can’t be accessed with a simple search in the App Store, but can only be found via a direct link provided to users, or through Apple Business Manager and Apple School Manager.
The new feature comes in handy for organizations that use specific apps and don’t want the general public to have access to them. This includes educational institutions, businesses, attendees of a specific event, franchisees, etc.
It also helps with a much needed decluttering of the App Store, and can limit the frustration of users who mistakenly download apps that aren’t meant for the general public. (Like, COVID-pass reading apps instead of the app that actually contains your COVID-pass. Oh, the confusion.)
Apple details the process developers have to follow if they want to publish an unlisted app, or if they want to unlist a previously listed app. Basically, they have to create the app and turn it in to Apple along with a request form to get the unlisted status.
It’s important to note that these apps have to be past their final development stages and ready for publication, which means you can’t publish an app in beta-version as unlisted.
Once your request has been approved, you’ll receive a link to your app that you can share with people you want to download and use your app. However, be aware that Apple doesn’t provide any other safety features besides not listing the app, which means that anybody with the link can download it.
If you want to prevent unauthorized people from gaining access, you’ll have to install extra security gates, like a password.
While the main purpose of apps is to make life easier for their users, there are several safety risks, including data privacy, weak malware protection and pirated content, that their usage may present to customers. Not to mention brands.
Unlisted apps have all those safety risks, and then some. Because of their very nature, unlisted apps may be the perfect gateway for dishonest actors to distribute their content to a limited and selective audience.
This wouldn’t be without precedent. After all, this is exactly what came to light about Apple’s Developer Enterprise Program. This platform, intended for developers to share and test the apps they were working on, has been discovered and used by fraudsters to distribute pirated and other illegal content.
The limited audience of unlisted apps (just like that of the Developer Enterprise Program) means that the chance of any illegal activity being discovered and reported is a lot lower than with apps accessible to the general public.
Imagine that a developer takes an IP-protected asset from your brand (e.g. your logo or product picture) and uses it in an unlisted app that only a select audience has access to. The infringement can go on undisturbed and undetected for a long time, especially if the audience itself has an interest in keeping things under the radar.
Depending on the duration and extent of the infringement, such a situation could result in huge losses of revenue for your brand, not to mention other aspects like your reputation. This is especially true if your brand’s assets are used in a derogatory manner or in ways that you would never consent to (e.g. in a violent game.)
But what can you do to protect your IP-assets and your brand?
globaleyez’s app monitoring service was designed to catch IP-infringing apps. We monitor over 30 major and minor app stores all over the world, detecting and eliminating apps that infringe on our clients’ IP-rights.
As unlisted apps have just been introduced, we’ve yet to encounter one in action. Similarly, it remains to be seen how rigorous Apple’s procedure is to filter our harmful and infringing app content before it's published.
Since they’re not discoverable by regular search methods (e.g. via keywords) in app stores, we have to rely on manual searches instead of our usual automatic ones performed with our software tool, traxster.
On the other hand, our extensive experience in other segments of the industry can lead us to the actual links we need to get access to unlisted apps. Various internet fora, including the darknet, serve criminal interests and offer access to cracked software, stolen passwords, pirated content, carhacks, etc. It’s quite likely that the links to shady unlisted apps will show up on these fora as well. And when they do, we’ll be ready to take them down.
In the meantime, let’s not ignore the threats posed by infringing apps readily available in app stores. Many of these feature brand names, logos, imagery, and any other IP-asset without authorization in order to get customers to download them.
Their owners may “only” wish to make money (by stealing your revenue), or have more sinister purposes. Some unauthorized apps pose as the brands whose IP-assets they’re using because they intend to get access to sensitive user data that customers believe they can share with a trusted brand.
This can have catastrophic consequences for both users and brands. Getting tangled up in a stolen-data scandal, even if you had nothing to do with it, could be fatal for your brand. Which is why it’s crucial to be one step ahead of infringers and find these apps before they can do a lot of harm.
globaleyez’s app monitoring program does just that. Whatever the intent of infringers, we find their apps and remove them from app stores as soon as possible.
Are you concerned about IP-infringements in the app world? Reach out to us and let us show you how we can protect your brand.