Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system
2022-03-16 21:49

As SophosLabs reported last year, cybercriminals were nevertheless able to draw iPhone users into their cryptocoin app scams by using Enterprise Provisioning.

The technological basis for these scam apps is surprisingly simple: the crooks persuade you, for example on the basis of a friendship carefully cultivated via a dating site, into giving them the same sort of administrative power over your iPhone that is usually reserved for companies managing corporate-owned devices [...]. Typically, [this means] they can remotely wipe them, unilaterally or on request, block access to company data, and enforce specific security settings such as lock codes and lock timeouts.

TestFlight makes it easy to invite users to test your apps and App Clips and collect valuable feedback before releasing your apps on the App Store.

Interestingly, you can only join a TestFlight app's Beta phase if you first install Apple's TestFlight app, which is used to collect and collate telemetry from and feedback about the new app.

It's the opposite: TestFlight apps aren't in the App Store yet, because they're still being developed and could contain bugs.

You need to trust the developers of a TestFlight app even more than vendors of regular apps, because you're letting them run experimental code on your device.


News URL

https://nakedsecurity.sophos.com/2022/03/16/beware-bogus-betas-cryptocoin-scammers-abuse-apples-testflight-system/