[HN Gopher] AltStore: An alternative app store for non-jailbroke...
___________________________________________________________________
AltStore: An alternative app store for non-jailbroken iOS devices

Author : dariosalvi78
Score  : 148 points
Date   : 2020-11-08 20:40 UTC (2 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| bgia wrote:
| This system re-signs apps with your developer signature, and to
| work around the expiration leaves a server running on your
| computer that periodically re-signs apps and updates them over the
| air on your iPhone.
|
| I think this is simple yet genius. I wonder if it works on
| AppleTV as well?
|
| harikb wrote:
| Doesn't the user also need their own Apple Developer account?
|
| latchkey wrote:
| https://altstore.io/faq/
|
| Why do you need my Apple ID?
|
| Apple allows anyone with an Apple ID to install apps they've
| built themselves onto their devices for testing. AltStore
| uses your Apple ID to communicate with Apple's servers on
| your behalf and perform the necessary steps to prepare your
| account for installing apps onto your device.
|
| Why does it say my apps will expire in 7 days?
|
| Unfortunately, apps that have been installed using
| non-developer Apple IDs (in other words, Apple IDs not tied to a
| $99/year Apple developer account) are only valid for 7 days,
| at which point they will no longer open. To compensate for
| this, AltStore will periodically attempt to refresh your apps
| in the background, and you can always manually refresh your
| apps from within AltStore.

| maskedinvader wrote:
| This is a brilliant workaround, wonder if Apple will try taking
| this down or let this be.
|
| gameswithgo wrote:
| Hah! I don't wonder. They will probably just find a way to make
| this not work.

| saurik wrote:
| Apple keeps adding restrictions to what free developers can do,
| which makes this less and less viable. They also made a major
| change to their authentication mechanism for these free
| developer accounts last year, which (to avoid a lot of reverse
| engineering of highly obfuscated--and notably "well" obfuscated
| --Apple code) required a pretty obtuse workaround from AltStore
| on macOS where it injects into Mail.app as a plug-in... I am
| shocked Apple hasn't figured out some way to restrict this yet
| (it could be that it didn't occur to them there is still work
| to be done upping the ante here?).
|
| pydry wrote:
| If they do they're waving a big red flag that says "ANTITRUST
| VIOLATOR".
|
| So, it _will_ be interesting to see if they do.

| gregoriol wrote:
| This will have limitations on notifications and features like
| iCloud sync I guess?
|
| And while not very likely as it will be hard to differentiate a
| real developer from this, Apple could still revoke Apple IDs or
| developer accounts whenever they want.
|
| edit: also no way to have update suggestions? (an app can be
| updated, but the AltStore app can't know which app is installed
| or which version?)

| [deleted]

| core-questions wrote:
| The only downside here is that you have to have a Mac (or some
| hackintosh, I guess) to do this. Anyone have any idea on the
| state of the art for running an OSX virtual machine?

| saurik wrote:
| AltStore also supports Windows AFAIK. https://altstore.io/

| kevincox wrote:
| If it works on Windows why does it need the server at all? If
| it is just making requests to Apple can't you do the signing
| on the phone? (Other than the bootstrap procedure)

| saurik wrote:
| You can do the signing on the phone (though there is some
| nuance here as logging in to the account is hard and the
| techniques used by AltStore involve injection into other
| Apple software; this is at least theoretically fixable, but
| does mean that it wouldn't be trivial), but you can't do
| the installation from another app on the phone in any
| obvious way (at least without restricted entitlements).
| AltStore is acting like Xcode doing over-the-network
| installs from AltServer (and then also happens to do the
| signing there, but that's again simply to make it easier to
| develop it).
|
| AltStore is based on the signing code I developed and also
| used in my Cydia Impactor (which lets you install apps over
| USB); I actually did develop another tool called Cydia
| Extender, which would run on your phone, but I dropped the
| effort when I couldn't get stuff to install on the phone
| (the technique I came up with relied on an entitlement that
| was only able to be installed by users with developer
| accounts; I even somehow failed to notice this until after
| I released it, which was awkward: I still can't believe I
| messed up my testing that badly). (Actually... maybe I have
| a way to pull this off now? It is a long shot, and somewhat
| risky ;P.)

| mikeknoop wrote:
| Could you use a VPN on the device to make a remote server
| appear as a local server for network installs? If so,
| could you loop back an on device "server" through a
| remote proxy?

| saurik wrote:
| So, this is actually how Cydia Extender "worked" (aka,
| "failed" ;P)--though I wasn't using the Xcode protocol
| but instead did an ad hoc install (which turned out to
| also separately not work for non-developer signed IPA
| files, TWO issues I had failed to notice before release
| ;P)--but Apple restricts usage of the Network Extension
| (VPN) API using an entitlement only available to paid
| developers (which I will strongly assert is to help the
| CCP's censorship of Chinese citizens as part of Apple's
| continual unfortunate collaboration). (I now happen to
| work on semi-programmable VPN tech that is in the App
| Store, so I might have options; a bit risky, though ;P.)

| vvll wrote:
| AltDaemon [1] runs on the phone and does this - it does
| require a jailbreak however.
|
| [1] https://repo.dynastic.co/package/altdaemon

| djxfade wrote:
| No, AltStore has a server for Windows as well

| phoe-krk wrote:
| https://github.com/myspaghetti/macos-virtualbox
|
| Pretty bulletproof and automated.

| Shank wrote:
| This script seems to include the magic encryption string[0].
| I'm surprised that it hasn't been DMCA'd yet.
|
| [0]: https://github.com/myspaghetti/macos-virtualbox/blob/master/...

| phoe-krk wrote:
| The magic "ourhardworkbythesewordsguardedpleasedontsteal(c)
| AppleComputerInc" haiku-string is already kind of a meme by
| now.
|
| See https://news.ycombinator.com/item?id=9589961

___________________________________________________________________
(page generated 2020-11-08 23:00 UTC)