That's surprising as Apple is supposed to revoke those kinds of certificates pretty quickly. Enterprise certificates are for use inside enterprises, not for outer users.
Iran is under embargo by the US. Consequently, Apple doesn't do business in Iran. If someone buys an Apple product in Iran they're getting smuggled hardware that has likely been jailbroken. It won't be connected to anything Apple or iCloud unless they're going through some kind of VPN. Certainly nobody is getting developer certs there and they can't do any payment processing so most regular apps are gonna be out of the question.
Please stop opining on what you have zero knowledge on. The Apple devices in Iran are never sold jailbroken (in fact, I have never seen a jailbroken Apple device in my life). They can usually connect to all the Apple services without a VPN. There are apps that use Iranian payment processors in the App Store itself (e.g., https://apps.apple.com/us/app/fidiketabi/id1464658470 is an app that sells ebooks and audiobooks, its real name being Fidibo), and others have apps as direct installs that need the user to accept their profile, or use one of those Iranian app stores. There was a brief period after the Facebook VPN scandal that Apple did make a show of blocking these Iranian certificates, which caused a surge in web apps (which I liked a lot), but that didn’t last long. What is super clear is that Apple gives not a single fuck about privacy, security, US laws, or anything except PR. They do exactly what generates the most money for them, and have no principles. Every single big stunt they have done costed them nothing and further consolidated their monopolies. It is always others who shoulder the costs, never Apple.
If your app is using any payment processor that's not Apple within the App Store that app is not in compliance with Apple's own App Store policies. Epic Games would be very interested to learn this is happening. If you're using self-signed certificates or an "Iranian App Store" to install things you are also operating outside the bounds of App Store policy.
You're using Apple services in a region that is not officially supported by Apple. I don't understand how you think security and privacy protections are going to be in place when using smuggled hardware that's intentionally compromised and taking active measures to circumvent what protections Apple has, either by jailbreaking or rerouting requests to Apple to some other mirror.
You’re full of assumptions. Nobody is tampering with the hardware, nobody is routing Apple IPs to fake mirrors, nobody is using “self-signed” certs. People use stock iPhones, without a VPN (not that enabling a normal VPN is at all relevant here, but still), to enable profiles signed by Apple, to run Iranian software. All these can happen in the US as well, except Iranian app websites usually check the IP and sometimes the phone number before they give you links to install the app.
That Fidibo app is obviously not “compliance with App Store policy.” Said policy has never been followed consistently. Feel free to email Epic if you think this changes anything. My magic ball says the best result you can expect is that Apple says, “Oops, they lied, and we didn’t notice.”
Your article is also just an article. App Store is usually fine in Iran, but sometimes there are connection problems. This is not even always a ban from Apple, the Islamic Republic is all too happy to ban foreign services.
Instead of giving me all these made-up stories, give me a list of all the major sacrifices Apple has made for user security. I can’t think of a single one. The nearest thing to a sacrifice they have done is supposedly not selling your data to 3rd parties (except China and friends), but this isn’t that lucrative for them and the PR it generates translates directly into profits. Most privacy choices aren’t this PR-able.
