by misnome 2136 days ago
You need to re-sign it frequently because the certificate is only short-lived, and I think there are difficulties in signing existing binaries that make it mostly only useful for things you can distribute the source for.

It's not really an alternative to an app store. There are also enterprise signing certificates for distributing custom apps within large companies without these restrictions, along with cases in the past where people have abused this to distribute; these are usually shut down pretty quickly as a blatant violation of the licensing agreement.

2 comments

Re-signing iOS binaries is tedious, but ultimately scriptable (including creating certificates, provisioning profiles, etc.). Android’s sideloading is significantly easier, and it still hasn’t led to anyone competing with their App Store.

> still hasn’t led to anyone competing with their App Store.

F-Droid.org?

Amazon at one point made a strong attempt to compete, and I actually bought a few apps from there. Also, on Android, Epic made their own app store you had to sideload to download Fortnite.

How can they shut down distribution? If a personal team can install any source code, how could Apple block the distribution? Even if they scan for a binary hash, all it takes are some minor modifications to have a different program to install.

Oh, no, there are a few things here, and I think I got slightly confused. There is local signing, which I believe is short term - e.g. your own machine and device, which doesn't require paying anything to Apple for a developer membership. This is for on-device testing.

There's also Ad-hoc signing, which I believe is longer-lived, requires a developer account, but has restrictions on how many people you can send it to.

As an enterprise user you can also distribute apps yourself to company employees without going via App Store verification, though I think it's much harder to get onto this program https://developer.apple.com/programs/enterprise/ . This is what has occasionally been abused. I don't know how the certificate is revoked centrally though, but it's not for [user] self-compiled code.

It's possible that my knowledge of this is slightly off, because it was a few years since I worked with this stuff.

They can’t shut down distribution of source code, but:

- your typical user wouldn’t know what to do with it

- every install would run only for a limited time (only apps distributed through the App Store have a certificate that doesn’t expire), so those users would have to reinstall the app every week or so.

- it would make it harder for them to make money from it (they would give away the game for free. The in-game store wouldn’t give away stuff, but the source likely would soon be changed to support alternative stores)

> but the source likely would soon be changed to support alternative stores

Which is only fair for those who circumvent the original store.