THE ULTRA-POPULAR VIDEO piracy app Popcorn Time has already picked a fight with the combined powers of Hollywood’s intellectual property lawyers. Now it’s also entered into a cat-and-mouse game with the world’s biggest tech company. And for the moment, it’s winning.

On Wednesday Popcorn Time plans to launch a version of its copyright-flouting bittorrent video player for iOS, potentially bringing its free, easy-as-Netflix form of movie and TV piracy to millions of iPads and iPhones. The new program wasn’t authorized by Apple, which closely polices software in its App Store for copyright infringement and prevents anyone from installing applications from outside that walled garden. Instead, Popcorn Time’s anonymous developers seem to have taken advantage of a chink in Apple’s download restrictions to circumvent the App Store and plant their app on Apple’s closely controlled devices without its permission, the latest move in a back-and-forth battle between the free software’s programmers and Apple’s security team.

The developers of Popcorn-Time.se, one of the most popular of the several forks of Popcorn Time’s open source software, say they’ve partnered with another team of anonymous developers to create a tool called iOS Installer for Windows. That program lets users install Popcorn Time onto their iOS devices by way of their personal Windows PC, rather than through the App Store. It doesn’t require “jailbreaking” those phones or tablets, a more involved process that fully removes all of Apple’s installation protections and security measures. (And a Mac version of the installer is coming in two weeks, the developers add.)

“We’ve been [wracking] our brains to find a solution that will enable iOS users who don’t want to jailbreak their device…to also enjoy Popcorn Time on their iOS device,” reads an email from one of Popcorn-Time.se’s anonymous developers, who have kept their identities hidden to avoid the legal repercussions of building a piracy app downloaded by millions of users. “Our relentless pursuit for a solution led us to a fruitful collaboration with another group of brilliant developers who came up with the awesome solution of making an iOS installer…All a user will need to do to get Popcorn Time on his non-jailbroken iOS device is to download this software called ‘iOS installer’ to his desktop computer…connect his iOS device to the computer with a USB cable, and then just follow simple instructions that will download the app on the iOS device.”

Popcorn Time and its iOS Installer developers won’t reveal all the details of how their installation process jumps Apple’s garden walls. “We’re going into war against Apple with this iOS installer,” says one unidentified developer of the installer program in an email to WIRED. “The longer we keep this information to ourselves and not published, the stronger we’ll be in this war against them.”

But the iOS Installer developer does hint that its workaround exploits “the ability Apple gives to enterprises to install apps on their workers devices.” To those familiar with Apple’s security measures, that sounds like Popcorn Time is using Apple’s iOS Developer Enterprise Program. The $299-a-year-service allows companies and government agencies to install applications onto their employees’ gadgets without showing the code to Apple; Apple sells organizations their own cryptographic certificate that they can use to “sign” the apps, just as Apple signs App Store programs with its own authorization certificate. “Apple needs to let large organizations install anything they want on their own devices,” explains Jonathan Zdziarski, a security researcher, consultant and iOS forensics expert. “Those organizations don’t necessarily want to vet their code through Apple. If you’re the NSA, that code could even be classified.”

Popcorn Time appears to be using that enterprise loophole—and at least one of the enterprise certificates Apple issues—to sneak its video piracy app onto willing users’ iPhones or iPads. When WIRED installed the Popcorn Time app using the iOSInstaller, it showed a warning for an “untrusted app developer” and asked for approval for a certificate from a company called “Richel LLC.”

Before installation, Popcorn Time’s iOS Installer also asks the user to put the target phone into “airplane mode,” cutting off its ability to communicate back to Apple’s servers. That additional safeguard, says Zdziarski, is intended to prevent the phone from checking the certificate against a list of valid and revoked certificates held by Apple. The Popcorn-Time.se developer confirmed in an email that the team is in fact using revoked or expired enterprise certificates for the installation, though it’s not exactly clear how merely putting the phone into airplane mode can trick it into accepting those old and invalid certificates.

In WIRED’s tests of an early version of the app, Popcorn-Time.se was still working out its kinks. While the program successfully installed on an updated iPhone and showed Popcorn Time’s slick interface, it crashed or got stuck when playing any video other than a movie trailer. Popular bittorrent blog TorrentFreak, on the other hand, writes that the app “works as advertised.”

It’s worth noting that users should think twice before installing any unauthorized app from anonymous developers. Apple’s restrictions, after all, are designed in part to make its devices secure from malware and adware, and any method of circumventing them leaves users potentially vulnerable to those problems. Jailbreaking your iOS device can also void its warranty—it’s not clear whether installing bootleg apps might have the same effect. Apple, for its part, didn’t respond to WIRED’s request for comment on Popcorn Time’s installation workaround.

Popcorn Time has exploded over the last year as a free and likely illegal alternative to Netflix, with no monthly fees, more content, and in some cases better quality video. A spokesperson for Popcorn-Time.se told WIRED last month that its software had already been downloaded at least 4 million times, with as many as a hundred thousand new downloads a day. And Popcorn-Time.se, which formerly used the domain Time4Popcorn.eu, is only one of several teams that’s taken on the mantle of Popcorn Time over the last year in an open-source free-for-all. Another fork at PopcornTime.io claims to be even more popular.

Popcorn-Time.se’s new app isn’t the first iOS version of that free software, either. Since September of last year Popcorn-Time.se has offered a version of its pirated video player for jailbroken iOS devices. And in October, another version of the program from a lesser-known team of Popcorn Time developers was launched for iOS. That version didn’t require jailbreaking either, but did require the user to set back the device’s clock to an earlier date, likely to trick the phone into accepting an expired certificate. IOS 8.1, which was released shortly after the bootleg app, blocked that installation method.

Apple will surely take measures to shut down Popcorn-Time.se’s newer installation method, too. But the anonymous developers say they’re ready with their own countermeasures—just what they won’t say—and prepared for a long war of attrition. “The installer guys have no doubt that this will be a long journey, playing ‘cat and mouse’ with Apple that probably won’t like them breaking their closed eco-system,” a Popcorn-Time.se developer writes in an email. “But seeing their work now and future updates for the installer they’re already working on, we’re sure they’re ready for any obstacle Apple will throw their way.”

http://www.wired.com/2015/04/popcorn...-onto-iphones/