Abuse of iOS Enterprise App Signing Key - T1445 (51aedbd6-2837-4d15-aeb0-cb09f2bf22ac)
An adversary could abuse an iOS enterprise app signing key (intended for enterprise in-house distribution of apps) to sign malicious iOS apps so that they can be installed on iOS devices without the app needing to be published on Apple's App Store. For example, Xiao describes use of this technique in (Citation: Xiao-iOS).
Detection: iOS 9 and above typically requires explicit user consent before allowing installation of applications signed with enterprise distribution keys rather than installed from Apple's App Store.
Platforms: iOS