CoinPoker iOS App Security Report
CoinPoker iOS âAppâ Security Report â For the Community
Date: March 3, 2026
Purpose: Clear, factual information for all players â especially non-tech-savvy users â about the iOS installation method CoinPoker currently recommends.
Executive Summary
CoinPokerâs official download guide at download.coinpoker.com instructs users to install a configuration profile signed by National Oilwell Varco, Inc. (a large U.S. oilfield services company with no connection to poker or gaming).
This is not a normal app from the Apple App Store and not the safe browser method. It bypasses Appleâs security checks using a corporate certificate meant only for internal company use. Apple explicitly prohibits this for public gambling apps.
CoinPoker has publicly stated there is ânothing to worry aboutâ regarding recent desktop security reports. The iOS method is a separate, well-documented risk that Apple and security experts have warned about for years.
What You Actually Install (Verifiable Facts)
⢠The guide shows screenshots telling you to:
⢠Tap âInstallâ from a CloudFront domain.
⢠Go to Settings â VPN & Device Management.
⢠âTrustâ a developer (the name is censored in their screenshots but appears as National Oilwell Varco, Inc. on usersâ phones).
⢠Allow a phone restart.
⢠This is confirmed by the exact screenshots on download.coinpoker.com (as shared by multiple users).
This is not the official âAdd to Home Screenâ PWA method that CoinPoker also supports but does not highlight as the primary option.
Specific Dangers (Backed by Appleâs Own Rules & Public Record)
⢠Violates Appleâs Enterprise Developer Agreementâ¨Appleâs official license states enterprise certificates are for âinternal use onlyâ by a companyâs own employees (Apple Developer Enterprise Program License Agreement, Section 2). Using them for public real-money gambling apps breaches the agreement. Apple has revoked such certificates for gambling/porn/piracy apps in the past (Ars Technica, TechCrunch reports 2019âpresent).
⢠Bypasses All Apple Security Reviewâ¨No App Store vetting means no independent check for malware, data collection, or backdoors. Appleâs own support pages and community warnings state that unvetted enterprise apps âcan pose a security riskâ and are ânot vetted by Appleâs review systems.â
⢠Gives the App Extra Privilegesâ¨A trusted configuration profile can install root certificates, run background processes, and potentially intercept traffic or persist after deletion. Apple Discussions and security researchers (Stack Exchange, Quora, Reddit r/sideloaded) consistently rank malicious or abused profiles among the highest iOS risks.
⢠Sudden Revocation Riskâ¨If Apple detects and revokes the certificate (as they have done with many gambling apps), the âappâ stops working instantly for everyone. Users lose access to funds mid-session with no warning.
⢠Targeted at Non-Tech Usersâ¨The guide uses simple steps and red âDownload Nowâ buttons, making it easy for older or less experienced players to follow without understanding they are installing an enterprise profile from an unrelated oil company.
CoinPokerâs Track Record on Transparency
The same team that marketed â100% rakeback for the full month of Marchâ (when only the first half is direct individual rakeback) is now directing players to this method while downplaying other security concerns. This fits a pattern of aggressive convenience over full disclosure.
The Safe Way to Play on iOS (Recommended by Security Standards)
1. Open Safari.
2. Type play.coinpoker.com yourself (never click links).
3. Log in.
4. Tap the Share button â âAdd to Home Screenâ.
This is a normal Progressive Web App (PWA) â fully sandboxed by Apple, no profile, no certificate, no restart, identical functionality.
Recommendation for All Players
⢠If you followed the âDownload Nowâ steps on download.coinpoker.com:â¨Immediately go to Settings â General â VPN & Device Management, delete the CoinPoker app and the National Oilwell Varco profile, restart your phone, and clear Safari data.
⢠Change your CoinPoker password from a computer or different device as a precaution.
⢠For maximum safety and peace of mind, stick exclusively to the play.coinpoker.com browser/PWA method.
This report contains only verifiable facts from CoinPokerâs own website, Appleâs published agreements, and public security documentation. No speculation.
Share freely. Non-tech-savvy friends and family deserve to know exactly what they are being asked to install.
Stay safe at the tables.