explaingit

opa334/trollstore

21,409 · Objective-C · Audience · developer · Complexity · 4/5 · Maintained · Setup · hard

TLDR

iOS app that installs other apps permanently without jailbreaking, by exploiting a bug in Apple's code signature verification (CoreTrust).

Mindmap

mindmap
  root((repo))
    What it does
      Installs iOS apps
      Bypasses signature checks
      Grants special permissions
    How it works
      Exploits CoreTrust bug
      Multiple code signers
      Persistence helper
    Supported versions
      iOS 14.0 to 16.6.1
      iOS 16.7 RC
      iOS 17.0
    Use cases
      Install custom apps
      Run without sandbox
      Use private APIs
    Tech stack
      Objective-C
      theos toolkit

Things people build with this

USE CASE 1

Install custom iOS apps on your device without needing a traditional jailbreak.

USE CASE 2

Run apps with special permissions like sandbox escape and root helper processes.

USE CASE 3

Use private system APIs that Apple normally blocks in App Store apps.

USE CASE 4

Maintain persistent app installations even after iOS cache reloads.

Tech stack

Objective-C · theos

Getting it running

Difficulty · hard · Time to first run · 1 day+

Requires macOS with Xcode, a theos setup, an understanding of iOS internals, and likely a physical iOS device or simulator running a specific OS version to test the exploit.

License could not be detected automatically. Check the repository's LICENSE file before use.

In plain English

TrollStore is an iOS app that can permanently install other iOS apps (in the IPA format) on a device without needing a traditional jailbreak. It works by exploiting a bug in Apple's code signature verification system (AMFI/CoreTrust), where iOS fails to correctly verify signatures when a binary has multiple signers. This lets TrollStore install apps with special permissions that Apple would normally block.

Supported iOS versions are 14.0 beta 2 through 16.6.1, 16.7 RC, and 17.0. Newer versions (16.7.x and 17.0.1+) are not and likely will never be supported unless another similar bug is found.

One practical complication is that iOS can reload its icon cache and revert installed apps back to a limited "User" state, making them unlaunchable. TrollStore addresses this with a "Persistence Helper," a small utility installed into a system app that can re-register TrollStore's installed apps as "System" apps when needed.

Apps installed through TrollStore can carry special entitlements, including the ability to run without Apple's app sandbox, to run helper processes as root, and to use many private system APIs. Some entitlements are blocked on newer hardware and cannot be used.

TrollStore is built using theos, an iOS development toolkit, and is credited to researchers who discovered the underlying CoreTrust bugs.

Copy-paste prompts

Prompt 1
How do I use TrollStore to install a custom IPA file on my iOS device?
Prompt 2
What are the differences between apps installed via TrollStore versus the App Store?
Prompt 3
How does TrollStore's Persistence Helper keep installed apps from reverting to User state?
Prompt 4
Which iOS versions support TrollStore and why are newer versions not compatible?
Prompt 5
What special entitlements can apps gain when installed through TrollStore?

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.