Apple has a strict review process for apps published in its App Store. The review guidelines not only disallow use of the powerful private APIs but also forbid dangerous or deceptive behaviours. The review process, though imperfect, provides good protection for iOS users and makes it difficult for malware to exist in the App Store. However, apps may also be distributed using enterprise provisioning profiles without having to go through such a review process. Apps distributed in this way have become a new attack vector. Attackers can launch targeted attacks by delivering malicious apps leveraging private APIs to the victim’s device. In this paper, we explain the risk of an attacker distributing apps using enterprise provisioning profiles to conduct targeted attacks, including remote installation through spear phishing, autostart after reboot, background monitoring and bypassing certificate revocation. We show that serious, targeted attacks on iOS are both feasible and realistic. We also discuss the implications this has on the iOS security architecture and the challenges of addressing them.