As Apple faces pressure to open up the iPhone to third-party App Store providers, one developer has been helping users sideload apps since 2019 — and has issues with overbroad legislation demanding users be able to sideload.
Apple has been persistently consistent and clear on its view that sideloading brings malware risks, and it's going to take changes in the law to make it allow unapproved apps onto the iPhone. Yet developer Riley Testut has been using one of Apple's own tools to allow users to install apps from outside Apple's curated App Store.
According to Fast Company, AltStore has been downloaded over 1.5 million times since its 2019 launch. It reportedly has over 300,000 active monthly users, and almost 6,000 of those contribute to Testut's Patreon, paying over $14,500 for him to work on the service full time.
Once installed, AltStore lets users add apps made by Testut. Users can also add any app they can find from anywhere, so long as it is using the .ipa format. Versions of social media apps that have had their ads removed are reportedly popular, as are classic game emulators.
AltStore exploits the fact that Apple's Xcode development platform allows users to load apps they're developing, straight onto their own iPhones.
"When Apple announced that [feature in 2015], I was like, 'Oh, so there's some way to install apps onto iOS just with an Apple ID,'" says Testut. "And from there I expanded that into a full solution."
The full solution is not straightforward. It requires a user to install a Mac or PC app called AltServer, then AltStore security signs an app so that appears to have been made by the user.
Apps can only be installed when iPhone and Mac or PC are on the same Wi-Fi network, and running AltServer. Only three such apps can be installed at any time, and one of those is the mandatory AltStore.
It is possible to swap out apps, but there are limits on this too. Any one user can only sideload up to 10 apps per week, and moreover FastCompany says that every app installed must be "refreshed" by connecting to AltServer once a week.
AppleInsider staffers have used the AltStore periodically since release. We can confirm that it works, and does what it is advertised to do. However, the installation of both the AltServer and apps through it can be finicky.
Sideloading is a risk
Testut may not be able to circumvent these and other Apple limitations, but he plans to create a security system that will ensure sideloaded apps are not malicious.
"There's a lot of risk to sideloading," continues Testut. "Because we're the tool that people are using, it's our responsibility to make sure that we're doing what we can to prevent people from accidentally screwing themselves over."
So perhaps ironically, Testut agrees with Apple about sideloading, or at least he does when it's potentially on a large scale. He does not approve of proposed legislation that would conceivably allow any consumer to download any app, without some protection.
"We don't like the bills, actually," he told Fast Company. "We really think they are too broad, and they have serious ramifications for consumer privacy."
However, Testut does very much believe that everyone should have the right to sideload if they want to. And he believes that the app industry needs that freedom.
"Apple takes an approach to the App Store where they only approve what they imagine already," he says, "so anything that pushes the boundaries of that, Apple will just reject."
"We need a way for apps that push the boundaries to first exist, and then people will see it exist and want it in the App Store," he continues. "No cool, fun apps are coming out. We want to see more small, but quirky, fun apps in AltStore."
20 Comments
So AI is using an app that violates Apple’s rules and actually telling people about it. I can’t wait for Apple to find out about it. The developer should lose the license/developer certificate while Apple can immediately cancel all apps using that certificate. I also wonder if Apple could go after the users, including AI. Be careful about removing my comment because all I’m doing is commenting on illegal activity, both the developer’s and user’s violations. I’m talking about the misuse of the obvious Xcode development program. This is not for limited testing, the developer is getting paid which is against Apple rules.
Cancel his developer license. Next…
Could be another Epic plant. Make them break the rules and then protest when they get kicked out.
It’s not that serious. Apple won’t go after users.
I'm more than surprised Apple has not engaged a small team of lawyers to stamp this out. If he's been doing it since 2019 there must be a loophole in Apple's terms of service because this guy isn't hiding his operation. At the very least it seems like anyone using this capability would owe Apple a $100/year developer fee. That would be $30 million per year that Apple is owed. Or maybe Apple simply sees this as a gnat-sized problem and they have bigger problems to deploy their legal forces against.