Distribution Methods

There are a few major factors and methods from each of these sections including certificates, exploits, and computer use.

Developer Certificates

Of the many methods of 3rd party application distribution the developer certificate methods are the original, and most popular.

What is a certificate exactly?

Image of App Process

Hopefully not too vague, but this is taken from Apple’s Enterprise Tech Notes. The binary (application or .ipa files) are “signed” with a private key (key.p12: held on the developer’s computer) and a public key (embedded.mobileprovision: stored within the app). These are utilized together with some certificate verification servers (CRL and OCSP) to let your device know if it is okay to launch an application. The applications on the official AppStore are signed the same way, but privately by Apple once you submit an application to the AppStore.

The benefit of the remote verification server is the “false sense of security” it allows for. It should just allow Apple to say “no cancel/delete/revoke x or y account or certificate” and it does… but with a very low followthrough. There is simply just too many people doing it, similar to what happened with the media and torrenting. But the major problem came from the fact that many unrealized oversights have let many people utilize this emerging market of alternative app distribution methods. The biggest would be “the great data trick of 2013“.

Although the original use case was the Enterprise Development Certificates to sign applications to be able to run from a 3rd party location. The original store was Emu4iOS, but is currently dominated by AppValley US. The Enterprise Certificates allowed users from any device (all were provisioned by default) to install any app, even ones they made themselves.

Other developers such as those of MacBuildServer (what Emu4iOS originally utilized), went on to develop my current all-time favorite service, Build Store, that utilizes Apple Developer Certificates rather than Enterprise.

Enterprise Certificate

Being the infamous technique that has driven public 3rd party AppStores since 2013.

The attraction comes from the fact that, at the time, it was relatively based on trust to obtain and use one within your own business else the account would be terminated. It would also allow for a free method of application distribution, which actually did not even exist, or was extremely difficult to set up at the time! This did force Apple to make some changes over time, turning more to the pro-developer mindset, even creating the free provisioning (which has also changed many times).

Leniency and slow fixes have allowed the 3rd party AppStores to thrive. There have been many historical hiccups, fixes, bypasses, techniques, and ideas for solutions to continue to use this method. But, as it may soon be more and more difficult to utilize (Apple slowly implementing new security) and reverse engineer.

Apple Developer Certificate

The regular Apple Developer Certificates have a rich history of their own as well. But the simple difference with this one is that all is required to obtain is $100 per year. But you are limited to allowing 100 of each type of device (iPhone, iPad, etc). So the model here is to just charge monthly, and obtain in bulk.

This is both really common and very popular.

Build Store does this very well.

Free Provisioning

In recognition of the massive need for a “trial” based signing idea. Something to attract young developers and to get people away from the Enterprise certificates used.

Computer Use

One of the other major popular features some services offer over others is the option to not need any computer. You may have to pay a small fee or watch some ads, but the return on value is massive.

Some methods allow for the computer to act as a server or host, direct app installer, or exploit driver.

Exploit Driven

Sandbox

There are many hush-hush rumors of some new changes to lead the new market, they are far safer than a jailbreak but do still require a basic exploit.

Historically there have been some “lite” exploits as well from a couple chinese stores.

Jailbreak

What most people may be familiar with is the Cydia market, from jailbreaking your device (a.k.a. escaping the device jail.) to have full device access.