Exercising my EU-given right to run an alternative app store (@rileytestut’s upcoming @altstore) 😜
One thing @altstore does that should really get you thinking about alternative payment systems that Apple never would have considered: it has Patreon integration, and can tie access to apps to your Patreon pledge — which gives you an entirely different, personal relationship with your users, and lets you use the same reward system you use for videos, blog posts, merch etc. Alternative app stores don’t just have to recreate Apple’s model. And this provides a CTF-friendly avenue (and 1M user cap)
AltStore also gives the security-conscious a granular view of the entitlements an app might have, before you install it, with a helpful description of what each means — much more insight than the App Store gives
Like earlier versions, @altstore also supports Sources, so you can directly control the repository of apps you offer in their marketplace. Of course, all of these apps must still be notarized/reviewed by Apple and assigned to AltStore’s marketplace ID through App Store Connect, so it’s not a Wild West. Legacy sources will need to be updated to conform, which should be pretty easy!
@stroughtonsmith this is something that feels so obvious in hindsight. Like, AltStore is able to do this because this info ships in an inspectable way with the app. Why doesn’t Apple’s App Store do this?

@stroughtonsmith @rileytestut this looks so good! This is important work that will hopefully show Apple what can be done with an App Store when done for the benefits of users and developers.

Can’t wait to give AltStore a try!

@stroughtonsmith I am super excited to see actual innovation in the software packaging space
@saagar @stroughtonsmith Linux packaging? wink, wink
@okias @stroughtonsmith brb let me go backdoor some stuff first
@saagar @stroughtonsmith now you spoiled it! Well, at least now you can save a few years writing it and the shame after it gets discovered after a few days. But if you're working on proprietary, then I assume it's part of your contract, so of course you should do your job :D

@stroughtonsmith while that's a nice listing it doesn't really add anything in terms of security as all of those entitlements will still be prompted for by iOS anyway.

On the other hand, being on an alternate AppStore without vetting or reviews you can probably get away with uploading apps that have unreasonable permission requests and people will still install them because they think "that's probably needed for it to work".