DEV.co
Open-Source DevOps · SignTools

SignTools

SignTools is a self-hosted web platform that enables iOS app sideloading without requiring a computer after setup. It uses a macOS builder component for official Apple signing, paired with a service that provides a web interface for uploading, signing, and installing apps.

Source: GitHub — github.com/SignTools/SignTools
2.2k
GitHub stars
270
Forks
Go
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositorySignTools/SignTools
OwnerSignTools
Primary languageGo
LicenseAGPL-3.0 — OSI-approved
Stars2.2k
Forks270
Open issues24
Latest releasev3.0.11 (2026-01-07)
Last updated2026-04-13
Sourcehttps://github.com/SignTools/SignTools

What SignTools is

Written in Go, SignTools separates concerns into a stateless web service and a macOS builder that performs cryptographic signing via Apple's official tools. It supports iOS/iPadOS/macOS targets, OTA installation, tweaks injection, and multiple provisioning profile management.

Quickstart

Get the SignTools source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/SignTools/SignTools.gitcd SignTools# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Homebrew iOS App Distribution

Organizations or individuals needing to distribute unsigned or custom iOS applications internally without App Store submission or jailbreak requirements.

Development & Testing Workflow

Teams that want to streamline ad-hoc app signing and distribution for testing builds across multiple iOS devices without per-computer setup.

Self-Hosted Enterprise Sideloading

Companies deploying internal tools to iOS devices where OTA installation and centralized signing management reduce friction compared to manual provisioning.

Implementation considerations

  • Requires provisioning a macOS builder instance (physical or VM) with proper network connectivity to the web service; builder availability is critical.
  • AGPL-3.0 license mandates that any modifications to the network-accessible service must be open-sourced; review organizational IP policy before customization.
  • Apple signing credentials (developer account, certificates, provisioning profiles) must be securely managed and rotated within the builder; credential compromise exposes all signed apps.
  • Web service must be exposed to end-user devices over HTTPS with proper TLS configuration; network isolation and access control are essential.
  • Docker deployment available; ensure container orchestration, storage persistence, and macOS host scheduling are compatible with your infrastructure.

When to avoid it — and what to weigh

  • App Store Compliance Required — If your workflow requires App Store distribution or Apple's review process, SignTools is not applicable—it is designed for sideloading, not App Store submission.
  • No macOS Infrastructure Available — The builder component requires a dedicated macOS machine for signing. If you cannot provision and maintain a macOS host, deployment is not feasible.
  • Sensitive Commercial Licensing Uncertainty — AGPL-3.0 requires source disclosure of network-accessible modifications. If your organization cannot comply with copyleft obligations or needs proprietary modifications, commercial licensing inquiry is required.
  • Zero iOS Sideload Support Needed — If your deployment model relies exclusively on App Store or MDM, SignTools adds unnecessary infrastructure overhead.

License & commercial use

Licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a strong copyleft license requiring that any modifications to network-accessible code be made available under the same terms. Permissive for unmodified use; restrictive for derivative works in production.

AGPL-3.0 permits commercial use of unmodified code, but any network-accessible modifications (custom signing logic, tweaked UI, integrated pipelines) must be open-sourced. If proprietary customization is required, contact maintainers for exclusive licensing. Running unmodified SignTools in a commercial environment is permitted; redistributing modified versions is not without compliance.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityHigh
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Signing operations depend on macOS builder isolation and secure credential storage. Apple developer certificates and provisioning profiles are sensitive cryptographic material—compromise allows arbitrary app signing. No visible mention of credential encryption, access controls, audit logging, or builder authentication. Network exposure via HTTPS is essential. Review builder-to-service communication security (TLS, mutual auth, rate limiting). OTA installation over HTTP may permit network interception; HTTPS delivery is critical. No security audit or vulnerability disclosure policy visible in provided data.

Alternatives to consider

Xcode + Apple Configurator

Official Apple tools; requires per-device setup and computer interaction. Less automation and centralization than SignTools, but no third-party infrastructure or licensing constraints.

Apple Business Manager (ABM) + MDM

Enterprise-grade, Apple-native solution for managed device distribution. Requires Apple Business account and MDM infrastructure. Higher cost, more rigid compliance, but native integration and official support.

EasySigner / similar closed-source signing services

Commercial platforms offering hosted signing without self-hosting. Trade self-hosting complexity for SaaS cost and vendor lock-in; licensing and privacy terms differ significantly.

Software development agency

Build on SignTools with DEV.co software developers

SignTools offers a lightweight, self-hosted alternative to App Store distribution for internal and homebrew app sideloading. Before deployment, confirm macOS infrastructure availability, AGPL-3.0 compliance with your org, and review credential security practices in the documentation.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

SignTools FAQ

Can I use SignTools without a macOS builder?
No. The builder component is a required architectural element that performs signing using official Apple software. Without a macOS machine, you cannot sign apps.
What happens to my Apple credentials when I upload them to SignTools?
Not explicitly documented in provided excerpt. Review INSTALL.md and source code to confirm credential storage, encryption, and access controls. Treat builder as a sensitive, isolated system.
Can I modify SignTools and run it commercially without open-sourcing changes?
No, under AGPL-3.0. Any modifications to code that is network-accessible must be open-sourced. Contact maintainers for exclusive/commercial licensing if proprietary modifications are required.
Does SignTools support App Store distribution?
No. SignTools is designed for sideloading without App Store submission. It is for homebrew apps and internal distribution only.

Work with a software development agency

Need help beyond evaluating SignTools? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.

Evaluate SignTools for Your iOS Distribution Workflow

SignTools offers a lightweight, self-hosted alternative to App Store distribution for internal and homebrew app sideloading. Before deployment, confirm macOS infrastructure availability, AGPL-3.0 compliance with your org, and review credential security practices in the documentation.