Apple has announced that developers with the ‘Account Holder’ role on the App Store will have to enable two-factor authentication.
The change is compulsory and will come into effect from February 27th.
“In an effort to keep accounts more secure, developers with the Account Holder role in a developer program will need to enable two-factor authentication to sign in to their Apple Developer account and Certificates, Identifiers & Profiles,” the company wrote.
Apple has not disclosed a specific reason for the change, but it could be part of its wider crackdown on enterprise security certificate abuses.
Last month, Facebook was discovered to be distributing a ‘research’ app to consumers – which incentivised users as young as 13 to share their phone and web activity in return for payment – through Apple's enterprise program.
As part of its crackdown, Apple revoked the enterprise certificates of Facebook and several other developers found to be misusing them. Access has since been restored but Apple continues to be more strict about policing its program.
In a statement, Apple said its enterprise program was designed “solely for the internal distribution of apps within an organization”.
“Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data,” it added.
The ‘Account Holder’ role allows the distribution and revocation of enterprise certificates, a power not even admins have. There’s a good chance the 2FA requirement is designed to prevent hacked accounts from abusing Apple's program.
Account Holders require a device running iOS, or a Mac running OS X El Capitan or later, as their second source of authentication.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.