[judge2020]

> Apple also apparently didn't even notice

Do they have any information about enterprise apps? As I understand it, Apple never phones home with app info (such as the identifier, name, etc) when verifying or installing enterprise-signed apps, so the only thing they know is probably the IP address requesting to verify the enterprise-signed app and the frequency of how often Apple devices do this certificate verification.

Considering FB and Google have many employees in all different parts of the world, it wouldn't be too suspicious to see a good amount of diversity between GeoIP regions.

Correct me if i'm wrong about what info Apple collects about enterprise apps.

[spsful]

As far as I can see this is correct. Even if devices are enrolled In Apple's Enterprise MDM program, the administration staff are the ones who get to see which applications are installed on the iDevice, not Apple. And I really do not think they are so preoccupied with this that they want to actively scan IP addresses for suspicious behavior (of which there probably isn't any to begin with).

Anyway I wholehartedly agree with you here and I think Apple genuinely had no knowledge of this activity until news outlets reported on it. Or if they did, it did not make its way to the higher-ups that revoke developer certs.

[saagarjha]

Going forwards, Apple will require that companies provide their enterprise apps to be audited.

[judge2020]

I see them adding something like the macOS "notarization" requirement to iOS enterprise apps.