Skip to content

Add HealthKit capability mapping#44

Closed
jsilets wants to merge 61 commits into
rileytestut:masterfrom
jsilets:codex/healthkit-capability
Closed

Add HealthKit capability mapping#44
jsilets wants to merge 61 commits into
rileytestut:masterfrom
jsilets:codex/healthkit-capability

Conversation

@jsilets

@jsilets jsilets commented Jul 11, 2026

Copy link
Copy Markdown

Summary

Map the standard HealthKit entitlement to Apple Developer Portal's HealthKit App ID feature.

AltStore and AltServer already derive required App ID features from an app's signed entitlements. AltSign currently recognizes App Groups and Inter-App Audio, but not HealthKit, so com.apple.developer.healthkit is ignored and the regenerated provisioning profile does not authorize HealthKit.

This adds the bidirectional mapping:

  • com.apple.developer.healthkit
  • HK421J6T7P

Only the base Boolean entitlement is mapped. Secondary HealthKit entitlements such as com.apple.developer.healthkit.access and com.apple.developer.healthkit.background-delivery are intentionally not mapped to the App ID feature because their original values are not valid feature values. AltSign's existing signer continues to preserve only entitlements present in both the original app and regenerated profile.

Related to altstoreio/AltStore#1518.

Verification

  • xcodebuild -workspace AltStore.xcworkspace -scheme AltStore -destination generic/platform=iOS CODE_SIGNING_ALLOWED=NO build succeeds with this AltSign commit.
  • Direct Clang syntax check of ALTCapabilities.m succeeds.
  • git diff --check succeeds.
  • The existing AltTests scheme was attempted on an iPhone 17 Pro simulator. Its build fails in the unchanged test target because the Nuke module search path cannot be resolved, before tests execute.

An on-device provisioning check is still pending to confirm the regenerated profile and resigned executable both contain the HealthKit entitlement.

rileytestut and others added 30 commits August 21, 2020 12:37
Beginning of eventual transition to all-Swift AltSign for cross-platform compatibility with Windows.
Primarily used by AltDaemon to memory map provisioning profiles so it can remain under system daemon memory limit.
Adds null-pointer checks to prevent dereferencing null pointer if profile is in unexpected format.
Fixes “/var/“ vs “/private/var/“ mismatched URLs by first resolving symbolic links.
On iOS 14, app entitlements are checked on installation. This makes it
difficult to distribute a single IPA for both < iOS 13.5 with psychic paper
and >= iOS 13.5 where the entitlements should be ignored.
Option to disable private entitlement copying
Allows apps to once again use JIT on iOS 14.2 and later.
As of January 28, 2021, Apple began signing provisioning profiles with a new WWDR intermediate certificate. This broke all apps installed with AltStore after that date, but updating our local certificate to match Apple’s fixes the issue.
Allows AltSign to be linked as static library without additional resources.
Some Apple IDs (especially paid developer accounts) are still using the legacy WWDR certificate, so we now choose the correct one to use at runtime.
iOS 15 requires a new code signature that embeds the raw entitlements directly into the binary, which coexists with the previous property list-based entitlements format.
Thrown when Apple's authentication servers don't accept the provided anisette data, such as when the anisette data's date is from the "future".
Previously, unzipping progress was tracked by number of files unzipped. Now, we track progress by number of _bytes_ unzipped, which handles large files much better.
Convenience function to convert NSOperatingSystemVersion to displayable string.
rileytestut and others added 26 commits May 16, 2022 16:36
We can’t call alt_setUserInfoValueProviderForDomain: from AltSign, so instead we just manually replicate the logic for returning correct NSLocalizedDescription value.
Also adds ALTUnderlyingAppleAPIErrorDomain to represent errors passed on directly from AppleAPI responses.
…’t exist

-22406 is thrown when the password is incorrect, but -20101 is thrown when the provided email is incorrect.
…ewRequest]

Marking init as nullable conflicted with NSObject’s nonnull definition, so we now use a separate factory method instead for creating new requests to avoid warnings.
…fier, team-identifier, or get-task-allow

Apps signed with development profiles must have all these entitlements.
Now resigns app with the exact keychain-access-groups the original app was signed with, except updated with new team identifier.
Fixes various codesigning issues with certain apps.
Recursive wildcard paths are no longer supported with Xcode 16, so we point to the public header directory instead.
@jsilets

jsilets commented Jul 11, 2026

Copy link
Copy Markdown
Author

Replaced by #45 using the clean healthkit-capability branch name.

@jsilets jsilets closed this Jul 11, 2026
@jsilets jsilets deleted the codex/healthkit-capability branch July 11, 2026 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants