|Developer's Facility Used To Create Open Apple App Store|
|Written by Mike James|
|Monday, 30 September 2019|
AltStore - cute name - is an alternative to the App store that you can use to install programs that are not under the control of Apple - and all without jailbreaking your phone. How can the walled garden be breached so easily?
Even if you have locked your hardware down so tight it is unimaginable that someone will find a way around your defences, you still have to provide a way for developers to try out their creations. Apple's solution is to charge the developer $99 per year for access to certificates needed to run test programs and submit final versions to the App store.
A while ago Apple started offering a more limited free service which allows any user with an Apple ID to install apps. The intent was to allow students to create apps in more casual way as part of their education and perhaps grow up to be full Apple developers. The actual result, when you analyze the situation, is that it just opened a huge hole in its walled garden allowing anyone to install almost any app they cared to use. In essence, Apple lost control of the apps that you could install on your phone and the only defence remaining was that most users didn't really notice and hence didn't take advantage of it. This is all about to change.
Developer Riley Testut has created AltStore an app that uses the user's Apple ID to side-load any app. Basically what happens is that the app uses your developer certificate to sign the app in question and then it can be installed as if it was an app you had developed.
The only downside is that an Apple ID cannot be used to install an app via the network - it is assumed you have the app locally because you programmed it. AltServer, however, is AltStore's desktop companion to first download the app and then transfer it to the local machine using the iTunes sync method to install the app onto the device. AltServer is also the way to get AltStore installed on the device in the first place.
Apps signed with an Apple ID are only valid for 7 days - however this isn't a problem as AltStore automatically resigns the apps before this period is up. The final problem is that the certificate is limited to three apps at a time. This is short circuited by creating false provisioning profiles which are used by iOS to do the checking - it doesn't actually check if the apps are present.
So that's it - days of the walled garden are over? Not really. Anyone who thinks this, is underestimating Apple's ability to control its platform. In fact, you can look at the Apple ID loophole as a rare lapse of concentration.
There are lots of things Apple can to do make AltStore look less attractive. Checking to see if the app is really installed would limit the number of illegal apps. Adding a requirement that the code has to change before the app can be re-installed after 7 days would also limit things. The simplest solution of all would be to withdraw the Apple ID testing facility. After all, it's free and just one way you can get students interested in programming on the Apple platform.
It will be interesting to see how Apple fixes the problem because fix it, it almost certainly will. It will be sad if, instead of a technical solution, it simply sends out a cease and desist letter - but that would work as well.
Fear and Loathing In The App Store
or email your comment to: email@example.com
|Last Updated ( Monday, 30 September 2019 )|