- Frequently Asked Questions (F.A.Q.)
- Table of Contents
- Free developer account limitations
- What kind of certificates/provisioning profiles are supported?
- App runs, but malfunctions due to invalid signing/entitlements
- "This app cannot be installed because its integrity could not be verified."
- "Unable To Install *.ipa"
- Install button does not work
Aka "Install button doesn't work", "Unable to install *.ipa". This is a deliberate restriction by Apple, not a bug. Open the signer service page on your computer, click "Download", then sideload the app manually.
For each device where you want to sideload apps, you need to have installed any app signed with your developer account at least once manually before using this service. Doing so will register your device's identifier (UDID) with the developer account, something the builder cannot do without physical connection with your device.
On macOS: You can just build a blank new app or SimpleApp and run it on your phone. That will take care of UDID registration.
On all other platforms: You can install any app with a third-party signing tool like AltStore. That will take care of UDID registration.
Upon submitting an app for signing, you will be redirected to the index page (dashboard), where you will see the new app as "processing". If the account used to sign this app requires a 2FA code, in next minute it will be sent to you by Apple. If this happens, click the Submit 2FA button on your app in the dashboard and enter the code you just received. It will be used by the builder to finish logging into your account and perform the signing.
If you use one of the CI builders, each time you sign an app a new computer will be added as "signed in" to your account. Currently, there is no way to automatically sign out a builder after it's done. You can always remove these computers manually, either from your Apple device or appleid.apple.com. If you are uncomfortable with this, use a separate Apple account.
Resign it and you will get another 7 days.
Re-use an existing app's bundle id if you hit the limit. Note that the old app will be replaced with the new one when you install it. Otherwise, wait for an app id to expire.
-
Apple Development
This is the default certificate type. If you have a free developer account, it grants you access to some standard entitlements, including app debugging (
get-task-allow), which is necessary for some jailbreaks and emulators. If you have a paid developer account, it grants you access to all standard entitlements. This is the recommended type of certificate to use. -
Apple Distribution
This certificate type is only available to paid developer accounts, as it is used when publishing an app. It grants you access to every standard entitlement, except for app debugging (
get-task-allow). Additionally, it allows you to use production entitlements such as push notifications. Only use this type of certificate if you need those extra entitlements.
-
Wildcard
Its
application-identifierlooks likeTEAM_ID.*. It can properly sign any app (TEAM_ID.app1,TEAM_ID.app2, ...), but it can't contain most standard entitlements such as app groups or iCloud containers. -
Explicit
Its
application-identifierlooks likeTEAM_ID.app1. It can properly sign only one app (TEAM_ID.app1), but it can contain any standard entitlement. You can also improperly sign any app with any id, but some functions such as file importing will not work.
First, make sure you are signing the app correctly and not breaking the entitlements. Read the kinds of certificates and profiles section.
If that doesn't help, you need to figure out what entitlements the app requires. unc0ver 6.0.2 and DolphiniOS emulator need the app debugging (get-task-allow) entitlement. Make sure you are using a signing profile with get-task-allow=true in its provisioning profile. Also, when you upload such an app to this service, make sure to tick the Enable app debugging option. Since this is a potential security issue, it will be disabled by default unless you tick the box.
This error means that the signature is invalid. Is your signing profile valid? Is your device's UDID registered with the signing profile? To debug this problem, install libimobiledevice (for Windows: imobiledevice-net). Download the problematic signed app from your service to your computer, then attempt to install it on your iOS device:
ideviceinstaller -i app.ipaYou can also use -u YOUR_UDID -n to run this command over the network. When the installation finishes, you should see a more detailed error. Please create an issue here on GitHub and upload the unsigned app along with the detailed error from above so this can be fixed.
This error means that there was a problem while installing the app. Are you trying to web install (OTA) an app signed with a free developer account? That's sadly not possible. Read the free account limitations section.
Otherwise, try installing again, sometimes it's a network problem. If that doesn't help, refer to the integrity verification error section.
Check your logs for something among these lines:
WRN using OTA manifest proxy, installation may not work
If you see the warning, then you are trying to access the service over HTTP instead of HTTPS. Apple only allows OTA installation over HTTPS, so to make it work for you, a special manifest proxy is used. The server that delivers the proxy is limited to 100,000 requests per day globally, so unfortunately the limit has likely been reached. Wait one day, or access your service over HTTPS instead.