IOS – How to see what permissions an enterprise app certificate has

Tags: applications, certificate, facebook, ios, security

I live in Iran, and here most Iranian apps are banned from the App Store, and are distributed using enterprise certificates. There are even Iranian app stores that use a single such certificate to install other apps, and they even sell some pirated apps through these. See, for example, https://sibapp.com/ and nassaab.com/. Though these will probably not work with non-Iranian IPs.

In regard to the recent Facebook privacy scandal, I have become concerned about how these apps affect my privacy, what actions I can take to protect myself, and what actions Apple should be pushed to take. This phenomenon (of rogue Iranian apps) has a high penetration rate among Iranian users. (Because everyone needs at least some of the services these apps deliver, including banking, SIM card data and phone management, online taxis, …)

I think banning apps but leaving illegal enterprise certificates is possibly the worst way to handle this problem.

Update: Nothing is shown on the device about the certificate:
[screenshot]

Best Answer

The short answer is that a certificate has no entitlements; it simply turns off the App Store as the exclusive way to load apps. It doesn't change the code, install a VPN, add a passcode or anything, but what it does is disable one of the best privacy protections you have - Apple review of apps in the App Store.

The only worse thing than loading an enterprise app for security would be allowing MDM control so that someone could push changes / track your location / remote wipe your device and lock you out of the device or push apps to it.

You are correct to be worried about all those apps.

That certificate and entitlement are letting you know you are entering the Wild West, so to speak. (or in your case, would it be the Wild East or Wild Middle East?)

The warning indicates that nothing in that app was looked at by Apple. Apple didn't do a code review, didn't check that an app that says it's for putting a caption on a photo isn't instead uploading every photo including the date/time/GPS location to their servers to track / market / sell / collect information on every place you have a picture. They could even run facial recognition on the photos once they upload them.

Apple typically doesn't make developers not take the data they take, but they do make the developer let you know what the app does so at least we can all agree which apps will track what taps you make on screen and which don't. (for instance)

The recent press on this shows that VPN apps didn't disclose to the end users, so if your apps enable VPN (look in the iOS settings for VPN) then you pretty much can't trust that anything wasn't sent to a server and then decrypted, stored, and then re-encrypted to send to the final destination.

Basically, this allows a "man in the middle" attack so you can't trust that some difficulty is needed to decrypt your traffic. Already, we know we can't trust any telecom company not to record / tap / data mine every bit of data we send, but most of us expect that SSL encryption means that it will cost someone time and money to crack our traffic.

Now, it might be that the entire country of Iran is on some government's watch list and your traffic is already being decrypted, but this certificate allows that telecom to also see and monitor you in ways Apple tries to prevent by apps they put in their App Store.

For me, I don't ever install these on my personal devices. If I need a work device to have work apps, I let work provide me that device and I do work things on my work device and assume they get everything on that device. It's too hard for me to do app review so I simplify my privacy by not letting a third party install root certificates / SSL / unreviewed apps.