AltStore allows limited sideloading of iPhone apps Apple doesn't approve

Apple has been persistently consistent and clear on its view that sideloading brings malware risks, and it's going to take changes in the law to make it allow unapproved apps onto the iPhone. Yet developer Riley Testut has been using one of Apple's own tools to allow users to install apps from outside Apple's curated App Store.

According to Fast Company, AltStore has been downloaded over 1.5 million times since its 2019 launch. It reportedly has over 300,000 active monthly users, and almost 6,000 of those contribute to Testut's Patreon, paying over $14,500 for him to work on the service full time.

Once installed, AltStore lets users add apps made by Testut. Users can also add any app they can find from anywhere, so long as it is using the .ipa format. Versions of social media apps that have had their ads removed are reportedly popular, as are classic game emulators.

AltStore exploits the fact that Apple's Xcode development platform allows users to load apps they're developing, straight onto their own iPhones.

"When Apple announced that [feature in 2015], I was like, 'Oh, so there's some way to install apps onto iOS just with an Apple ID,'" says Testut. "And from there I expanded that into a full solution."

The full solution is not straightforward. It requires a user to install a Mac or PC app called AltServer, then AltStore security signs an app so that appears to have been made by the user.

Apps can only be installed when iPhone and Mac or PC are on the same Wi-Fi network, and running AltServer. Only three such apps can be installed at any time, and one of those is the mandatory AltStore.

It is possible to swap out apps, but there are limits on this too. Any one user can only sideload up to 10 apps per week, and moreover FastCompany says that every app installed must be "refreshed" by connecting to AltServer once a week.

AppleInsider staffers have used the AltStore periodically since release. We can confirm that it works, and does what it is advertised to do. However, the installation of both the AltServer and apps through it can be finicky.

Sideloading is a risk

Testut may not be able to circumvent these and other Apple limitations, but he plans to create a security system that will ensure sideloaded apps are not malicious.

"There's a lot of risk to sideloading," continues Testut. "Because we're the tool that people are using, it's our responsibility to make sure that we're doing what we can to prevent people from accidentally screwing themselves over."

So perhaps ironically, Testut agrees with Apple about sideloading, or at least he does when it's potentially on a large scale. He does not approve of proposed legislation that would conceivably allow any consumer to download any app, without some protection.

"We don't like the bills, actually," he told Fast Company. "We really think they are too broad, and they have serious ramifications for consumer privacy."

However, Testut does very much believe that everyone should have the right to sideload if they want to. And he believes that the app industry needs that freedom.

"Apple takes an approach to the App Store where they only approve what they imagine already," he says, "so anything that pushes the boundaries of that, Apple will just reject."

"We need a way for apps that push the boundaries to first exist, and then people will see it exist and want it in the App Store," he continues. "No cool, fun apps are coming out. We want to see more small, but quirky, fun apps in AltStore."