One command to sign any IPA or .app bundle with your free Apple ID. No jailbreak, no paid developer account, no Xcode project.
./altsign-cli sign \
--apple-id you@example.com \
--password 'your-password' \
--udid 00000000-0000000000000000 \
--ipa MyApp.ipaFor an .app bundle:
./altsign-cli sign \
--apple-id you@example.com \
--password 'your-password' \
--udid 00000000-0000000000000000 \
--app path/to/MyApp.app \
--output MyApp_signed.ipaThat's it. Authenticate, create certificates, register device, provision, package when needed, and sign — all in one shot.
- Free Apple ID — no $99/year membership needed
- Single command — the entire signing pipeline runs end-to-end
- IPA and
.appinput — pass an IPA with--ipaor an app bundle with--app - 2FA built-in — prompts for the code inline, no extra steps
- Auto certificate management — creates, persists, and rotates signing certificates automatically
- Multi-bundle — handles
.appexextensions in the IPA - Capabilities — enable HealthKit, App Groups, Push, etc. via
--entitlement - Session caching — login once, reuse for ~1 year
- No Xcode project — only Command Line Tools needed
Requirements: macOS 12+, Xcode Command Line Tools, OpenSSL 3.x
brew install openssl
git clone <repo-url> altsign-cli && cd altsign-cli
./build.shProduces a single ./altsign-cli binary.
./altsign-cli sign \
--apple-id you@example.com \
--password 'your-password' \
--udid 00000000-0000000000000000 \
--ipa MyApp.ipaOutput: MyApp_signed.ipa (or specify --output path.ipa).
./altsign-cli sign \
--apple-id you@example.com \
--password 'your-password' \
--udid 00000000-0000000000000000 \
--app path/to/MyApp.app \
--output MyApp_signed.ipaThe tool packages the app into a temporary IPA, signs it, and writes a signed IPA to --output.
./altsign-cli sign \
--apple-id you@example.com \
--password 'your-password' \
--udid 00000000-0000000000000000 \
--ipa MyApp.ipa \
--entitlement healthkit,app-groups./altsign-cli list --apple-id you@example.com --password 'your-password'When needed, the tool prompts:
2FA verification required. Enter code: _
Enter the 6-digit code from your trusted device. Done.
| Flag | Command | Description |
|---|---|---|
--apple-id <email> |
all | Apple ID email |
--password <pwd> |
all | Apple ID password |
--udid <id> |
sign | Target device UDID |
--ipa <path> |
sign | Input IPA file, or an .app bundle for compatibility |
--app <path> |
sign | Input .app bundle |
--output <path> |
sign | Output path (default: <input>_signed.ipa) |
--entitlement <list> |
sign | Comma-separated capabilities (see below) |
--verbose |
any | Print full API responses |
| Name | Capability | Free Account |
|---|---|---|
app-groups |
App Groups | Yes |
healthkit |
HealthKit | Yes |
push |
Push Notifications | Yes |
sign-in-with-apple |
Sign In with Apple | Yes |
associated-domains |
Associated Domains | No |
external-accessory |
Wireless Accessory | Yes |
gamecenter |
Game Center | Yes |
vpn |
Network Extension / VPN | No |
Capabilities marked No require a paid Apple Developer Program membership ($99/year).
- macOS only — relies on Apple private frameworks for authentication
- 7-day expiry — free account profiles expire in 7 days; re-run to refresh
- Some capabilities are paid-only — VPN/Network Extension, Apple Pay, etc.
Built on the protocol work of AltSign by Riley Testut.
For educational purposes and personal use. Not affiliated with Apple Inc.