There may finally be a crack in the infamous “walled garden” of Apple’s App Store, thanks to the work of Riley Testut, an ambitious developer best known for developing a series of Nintendo emulators — a class of app that’s never been permitted by Apple’s App Store Guidelines.
For a variety of reasons, Apple rules its app ecosystem with an iron fist, doing everything it can to block consumer apps from being installed through any other means. Further, it applies stringent policies to the App Store itself, and while most developers are at least grudgingly happy to abide by Apple’s rules, there are whole categories of apps that simply aren’t permitted, such as game emulators, plus those situations where Apple suddenly decides to change course, seemingly on a whim.
Then there are the financial considerations, with Apple taking a cut of the revenue that developers make from their apps, both in terms of outright sales and in-app purchases and subscriptions. While Apple has lowered its take for long-term subscriptions, this hasn’t stopped accusations of the App Store being a monopoly on more than one occasion.
How Apple Controls Apps
The secret to Apple’s control is by requiring iOS to only accept and run apps that are cryptographically “signed” with a valid certificate that’s issued by Apple. Everything that Apple issues on the App Store bears this signature, as do apps distributed through developer beta programs like TestFlight.
So even if a user is able to get some random app onto an iOS device, the device will refuse to run it if it doesn’t recognize a valid signature. This requirement is built into the core operating system so that it can’t be easily bypassed.
Sadly, there have been few ways to get around Apple’s restrictions and install apps from other sources. One of the more common methods in past years was for users to “jailbreak” their iOS devices, installing a modified version of the operating system that loosens many of the restrictions that Apple has placed in iOS, for better of for worse, including the need for apps to be signed.
Still, jailbreaking requires a fair bit of effort on the part of end users, and it has the downside of reducing the security of devices in a lot of different ways. Plus, Apple is making it even harder to do with each new iOS update.
The only other alternative in the past was for developers to get their hands on an “Enterprise certificate” that’s available to members of Apple’s Developer Enterprise program — companies that build apps that are for the exclusive use of their own employees, and not the public at large.
In fact, earlier this year it was revealed that there was a huge set of underground app stores using this method, but what Apple gives, Apple can take away, and it’s trivially easy for the company to revoke an Enterprise certificate once it’s discovered being abused, which in turn immediately disables all of the apps that were distributed using it.
Now, however, it appears that Testut has figured out an alternative way to reliably install apps that may be difficult for Apple to shut down, and it’s a method that’s been under all of our noses for years.
Apple has long made its development tool, Xcode, publicly available in order to encourage amateur developers to build their own apps, in the hopes of inspiring them to become full-fledged iOS developers someday. While in the very early days of iOS, users were forced to rely on simulators, several years ago Apple began allowing anybody to build and compile their own apps and install them on their personal iPhone or iPad.
To do this, apps were signed with a personal certificate issued by Apple to the user’s own Apple ID, and then transferred, or “sideloaded” directly from the user’s Mac onto their iPhone or iPad, in much the same way that apps used to be synced directly from iTunes over USB or Wi-Fi.
In a nutshell, what Testut has figured out how to do is to duplicate this exact procedure, essentially making apps distributed through his “AltStore” appear as if they were coded and developed by the user themselves. The result is that the user’s iPhone recognizes the app as valid — since it’s been properly signed — and will allow it to run normally, without any requirement to jailbreak or modify the user’s device.
In other words, AltStore tricks your iPhone into thinking that you developed the apps yourself.
What’s the Catch?
If this sound too good to be true, it’s worth keeping in mind that it’s still a slightly kludgy experience compared to the smooth over-the-air installation of apps from the official App Store, so it’s likely not going to allow millions of users to suddenly have easy access to a whole collection of alternative apps, but it does make it far easier, and probably more reliable, than anything that’s been attempted in the past.
The first thing is that you will need to install a desktop app, AltServer, but unlike Apple’s own XCode, this is available for both Mac and Windows PC users.
After installing AltServer, you need to physically connect your iOS device to your computer and input your Apple ID with an app-specific password (which you’ll need to generate from the Apple ID management web page). This generates the necessary certificates and installs the iOS version of the AltStore app on your iPhone or iPad.
Once this has all been done, you can browse apps directly from the AltStore app on iOS, which looks very similar to Apple’s own App Store, although at this point there’s only one app available, Testut’s own Delta NES emulator, although Testut naturally expects more to come once the service officially launches this weekend.
Since Apple doesn’t expect apps built by non-registered developers to be used for anything more than testing, there’s one other restriction that Testut had to work around — self-installed apps expire after seven days. To deal with this, Testut designed AltServer to use iTunes Wi-Fi sync to refresh all of the AltStore-installed apps on a weekly basis to ensure that they don’t disappear from your device. This happens in the background, but it does require that you be on the same Wi-Fi network as your computer running AltServer at least once a week.
Can Apple Shut This Down?
While we’re fairly certain Apple can find a way to shut this down if it really wants to, the method that Testut has used makes it difficult for Apple to do without collateral damage to developers and organizations like schools who rely on the ability to sideload apps in this way for educational purposes.
In speaking with The Verge, Testut explains how the method he uses may be hard for Apple to shut down without making some pretty significant changes to either its policies or how iOS works right now.
It would be interesting, because everything I’m doing, Apple is doing themselves. One heavy-handed approach is they could completely shut down the whole service, but that would affect everyone doing this, including schools. Anyone just using their free Apple ID on the side.Riley Testut
Alternatively, Testut notes that Apple could just disable the ability to sync over Wi-FI, but that would simply mean plugging in your iPhone once a week — a slightly more cumbersome approach, but still nothing that would prevent AltStore from continuing to distribute apps to those users who really want the alternatives that it can potentially offer. “As long as iTunes can sync apps, Alt Store can work,” Testut said, and although Apple removed the front-end App Store from iTunes back in 2017, the ability to sync apps from a computer remains in place under the hood even in macOS Catalina’s iTunes replacement.