AltStore allows limited sideloading of iPhone apps Apple doesn't approve
As Apple faces pressure to open up the iPhone to third-party App Store providers, one developer has been helping users sideload apps since 2019 -- and has issues with overbroad legislation demanding users be able to sideload.
Apple has been persistently consistent and clear on its view that sideloading brings malware risks, and it's going to take changes in the law to make it allow unapproved apps onto the iPhone. Yet developer Riley Testut has been using one of Apple's own tools to allow users to install apps from outside Apple's curated App Store.
According to Fast Company, AltStore has been downloaded over 1.5 million times since its 2019 launch. It reportedly has over 300,000 active monthly users, and almost 6,000 of those contribute to Testut's Patreon, paying over $14,500 for him to work on the service full time.
Once installed, AltStore lets users add apps made by Testut. Users can also add any app they can find from anywhere, so long as it is using the .ipa format. Versions of social media apps that have had their ads removed are reportedly popular, as are classic game emulators.
AltStore exploits the fact that Apple's Xcode development platform allows users to load apps they're developing, straight onto their own iPhones.
"When Apple announced that [feature in 2015], I was like, 'Oh, so there's some way to install apps onto iOS just with an Apple ID,'" says Testut. "And from there I expanded that into a full solution."
The full solution is not straightforward. It requires a user to install a Mac or PC app called AltServer, then AltStore security signs an app so that appears to have been made by the user.
Apps can only be installed when iPhone and Mac or PC are on the same Wi-Fi network, and running AltServer. Only three such apps can be installed at any time, and one of those is the mandatory AltStore.
It is possible to swap out apps, but there are limits on this too. Any one user can only sideload up to 10 apps per week, and moreover FastCompany says that every app installed must be "refreshed" by connecting to AltServer once a week.
AppleInsider staffers have used the AltStore periodically since release. We can confirm that it works, and does what it is advertised to do. However, the installation of both the AltServer and apps through it can be finicky.
"There's a lot of risk to sideloading," continues Testut. "Because we're the tool that people are using, it's our responsibility to make sure that we're doing what we can to prevent people from accidentally screwing themselves over."
So perhaps ironically, Testut agrees with Apple about sideloading, or at least he does when it's potentially on a large scale. He does not approve of proposed legislation that would conceivably allow any consumer to download any app, without some protection.
"We don't like the bills, actually," he told Fast Company. "We really think they are too broad, and they have serious ramifications for consumer privacy."
However, Testut does very much believe that everyone should have the right to sideload if they want to. And he believes that the app industry needs that freedom.
"Apple takes an approach to the App Store where they only approve what they imagine already," he says, "so anything that pushes the boundaries of that, Apple will just reject."
"We need a way for apps that push the boundaries to first exist, and then people will see it exist and want it in the App Store," he continues. "No cool, fun apps are coming out. We want to see more small, but quirky, fun apps in AltStore."
Read on AppleInsider
Apple has been persistently consistent and clear on its view that sideloading brings malware risks, and it's going to take changes in the law to make it allow unapproved apps onto the iPhone. Yet developer Riley Testut has been using one of Apple's own tools to allow users to install apps from outside Apple's curated App Store.
According to Fast Company, AltStore has been downloaded over 1.5 million times since its 2019 launch. It reportedly has over 300,000 active monthly users, and almost 6,000 of those contribute to Testut's Patreon, paying over $14,500 for him to work on the service full time.
Once installed, AltStore lets users add apps made by Testut. Users can also add any app they can find from anywhere, so long as it is using the .ipa format. Versions of social media apps that have had their ads removed are reportedly popular, as are classic game emulators.
AltStore exploits the fact that Apple's Xcode development platform allows users to load apps they're developing, straight onto their own iPhones.
"When Apple announced that [feature in 2015], I was like, 'Oh, so there's some way to install apps onto iOS just with an Apple ID,'" says Testut. "And from there I expanded that into a full solution."
The full solution is not straightforward. It requires a user to install a Mac or PC app called AltServer, then AltStore security signs an app so that appears to have been made by the user.
Apps can only be installed when iPhone and Mac or PC are on the same Wi-Fi network, and running AltServer. Only three such apps can be installed at any time, and one of those is the mandatory AltStore.
It is possible to swap out apps, but there are limits on this too. Any one user can only sideload up to 10 apps per week, and moreover FastCompany says that every app installed must be "refreshed" by connecting to AltServer once a week.
AppleInsider staffers have used the AltStore periodically since release. We can confirm that it works, and does what it is advertised to do. However, the installation of both the AltServer and apps through it can be finicky.
Sideloading is a risk
Testut may not be able to circumvent these and other Apple limitations, but he plans to create a security system that will ensure sideloaded apps are not malicious."There's a lot of risk to sideloading," continues Testut. "Because we're the tool that people are using, it's our responsibility to make sure that we're doing what we can to prevent people from accidentally screwing themselves over."
So perhaps ironically, Testut agrees with Apple about sideloading, or at least he does when it's potentially on a large scale. He does not approve of proposed legislation that would conceivably allow any consumer to download any app, without some protection.
"We don't like the bills, actually," he told Fast Company. "We really think they are too broad, and they have serious ramifications for consumer privacy."
However, Testut does very much believe that everyone should have the right to sideload if they want to. And he believes that the app industry needs that freedom.
"Apple takes an approach to the App Store where they only approve what they imagine already," he says, "so anything that pushes the boundaries of that, Apple will just reject."
"We need a way for apps that push the boundaries to first exist, and then people will see it exist and want it in the App Store," he continues. "No cool, fun apps are coming out. We want to see more small, but quirky, fun apps in AltStore."
Read on AppleInsider
Comments
It’s not that serious. Apple won’t go after users.
Obviously, re-signing someone else’s apps as yours likely violates Apple’s terms and conditions of use of course, so expect this service to be taken down at some point now that it has been publicised here - lol. But yes, it is a tiny issue really - I suspect they have been more focused on companies using enterprise signing in prohibited ways.
Furthermore this Developer, rightly, is concerned about potential privacy and security issues for some of the apps he and his clients have created and wants to internally develop additional protocols (above and beyond Apple's usual Developer review) on his side before side loading.
The article isn't clear on this, but I am assuming that none of the apps are publicly "sold" outside of the Apple App store - rather they are utilized only by the Developer and his clients.
Finally, I agree with the developer and others that a wide and general opening to the public of side loading is inappropriate.
I use all kinds of software and hardware that we haven't written about.
That said, there's no reason to do it just because of the misunderstanding between criminal matters and possible terms of service violations.
That's the great thing about the forums. We all get an opinion and as long as forum rules aren't broken, we all get to express it how we see fit. Even staff.
It is tough luck if Apple takes some flack when something goes wrong due to a sideloaded application. They're a big wealthy company, so I'm sure they can handle the strain.
I suspect Apple will be very wary of retaliating against this developer, because they're already in the crosshairs for their anti-competitive behaviour.
So which law do you think they're breaking?
Great to have this option and even though it has some serious limitations and is quirky to install, it is a needed (IMO) option.
Looking forward to the day we can install apps from places other than the App Store.
It is the only OS I use that I cannot perform this action.