explaingit

opa334/trollstore

Analysis updated 2026-05-18

21,341Objective-CAudience · developerComplexity · 4/5Setup · hard

TLDR

iOS app that installs other apps permanently without jailbreaking, by exploiting a signature verification bug in Apple's system.

Mindmap

mindmap
  root((repo))
    What it does
      Installs iOS apps
      Bypasses signature checks
      Grants special permissions
    How it works
      Exploits CoreTrust bug
      Multiple code signers
      Persistence helper
    Supported versions
      iOS 14.0 to 16.6.1
      iOS 16.7 RC
      iOS 17.0
    Use cases
      Install custom apps
      Run without sandbox
      Use private APIs
    Tech stack
      Objective-C
      theos toolkit
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Install custom iOS apps on your device without needing a traditional jailbreak.

USE CASE 2

Run apps with special permissions like sandbox escape and root helper processes.

USE CASE 3

Use private system APIs that Apple normally blocks in App Store apps.

USE CASE 4

Maintain persistent app installations even after iOS cache reloads.

What is it built with?

Objective-Ctheos

How does it compare?

opa334/trollstorebradlarson/gpuimagemustangym/wechatextension-formac
Stars21,34120,30422,644
LanguageObjective-CObjective-CObjective-C
Setup difficultyhardmoderatehard
Complexity4/52/53/5
Audiencedeveloperdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires macOS with Xcode, theos framework setup, understanding of iOS internals, and likely needs a physical iOS device or simulator with specific OS version to test the exploit.

License could not be detected automatically. Check the repository's LICENSE file before use.

In plain English

TrollStore is an iOS app that can permanently install other iOS apps (in the IPA format) on a device without needing a traditional jailbreak. It works by exploiting a bug in Apple's code signature verification system (AMFI/CoreTrust), where iOS fails to correctly verify signatures when a binary has multiple signers. This lets TrollStore install apps with special permissions that Apple would normally block. Supported iOS versions are 14.0 beta 2 through 16.6.1, 16.7 RC, and 17.0. Newer versions (16.7.x and 17.0.1+) are not and likely will never be supported unless another similar bug is found. One practical complication is that iOS can reload its icon cache and revert installed apps back to a limited "User" state, making them unlaunchable. TrollStore addresses this with a "Persistence Helper," a small utility installed into a system app that can re-register TrollStore's installed apps as "System" apps when needed. Apps installed through TrollStore can carry special entitlements, including the ability to run without Apple's app sandbox, to run helper processes as root, and to use many private system APIs. Some entitlements are blocked on newer hardware and cannot be used. TrollStore is built using theos, an iOS development toolkit, and is credited to researchers who discovered the underlying CoreTrust bugs.

Copy-paste prompts

Prompt 1
How do I use TrollStore to install a custom IPA file on my iOS device?
Prompt 2
What are the differences between apps installed via TrollStore versus the App Store?
Prompt 3
How does TrollStore's Persistence Helper keep installed apps from reverting to User state?
Prompt 4
Which iOS versions support TrollStore and why are newer versions not compatible?
Prompt 5
What special entitlements can apps gain when installed through TrollStore?

Frequently asked questions

What is trollstore?

iOS app that installs other apps permanently without jailbreaking, by exploiting a signature verification bug in Apple's system.

What language is trollstore written in?

Mainly Objective-C. The stack also includes Objective-C, theos.

What license does trollstore use?

License could not be detected automatically. Check the repository's LICENSE file before use.

How hard is trollstore to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is trollstore for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub opa334 on gitmyhub

Verify against the repo before relying on details.