Distribute unsigned app iPhone

2019-09-14 00:18发布

问题:

Is there any way to distribute an unsigned app through emails or internet? I.e. itms-services://?action=download-manifest&url=URL_TO_PLIST.

Moreover, it is a security issue if it is possible to install unsigned app on a jailbroken device?

Thank you.

回答1:

I can't quite understand what you're trying to do here - if you're trying to install an app that is not on the App Store and also unsigned with the itms-services-protocol, you are out of luck, as that is strictly for iTunes and App Store-links.

The only way to distribute an app that is not on the App Store, is with the ipa-file, but that has to be signed as well (at least for unjailbroken devices).



回答2:

You can do it in cydia with link like cydia://package/[package name] However security is really a question here. Not sure if there any code review for the accepted packages.



回答3:

Sorry if this is an extremely late response, but the question isn't closed yet, so I'm assuming you still need an answer. It is a security concern, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think that's much of a concern. If they jailbreak, they probably know what they're doing.

To answer the first part of your question, you can use ldid to pseudo-sign the app and then create an itms-services:// link that users tap to install. The only caveat to this option is that the iOS Device will contact oscp.apple.com & ax.init.itunes.apple.com to verify the app's signature. If you want to bypass this, you'll have to change the DNS settings of the iOS device using a mobile configuration file. Do this using Apple's iPhone Configuration Utility, which will generate a .mobileconfig with your specified settings. You won't have to generate a specific file for each device, so you can make one and you're done.

Anyways, back to the topic, jailbreaking doesn't remove the need for codesigning, it only removes the need for an app to be signed with Apple's certificate(s). itms-services:// is a bypass (for developers) of the same "need". Since Apple obviously doesn't want people who aren't developers just signing apps that aren't approved by Apple and installing them, they've implemented certificate checks. The signing-certificate is cross-checked with Apple's two servers. One of the servers (I don't know which) checks for "iPhone Developer:" in the name of the certificate. The other checks that it was signed by Apple's WWDRCA Certificate. If the iOS Device gets a response from either of the servers signifying that the app is "bad". If the iOS Device doesn't get a response, it will still install the app.

The way to go with this in order to bypass would be to clone a DNS server, and create a specific entry that will change the IP of these two servers to something (anything) else. That way, the Device will not get a response, and will install the application.



回答4:

  1. modify the file SDKSettings.plist : make code sign required value is NO
  2. when build, selected project (not target) -- build setting -- code signning identity: Dont code sign
  3. build, get the .ipa file can run on the jailbreak device