By now we’ve all heard about the wonders of Lars Fröder’s TrollStore utility, the perma-signing app that takes full advantage of a CoreTrust bug in iOS & iPadOS 14.0 beta 2 through 16.6.1, 16.7 RC (20H18) and 17.0. But have you ever wondered if these capabilities would ever be possible on an Apple Watch?
That’s one avenue that software tinkerer Lior Halphon (@LIJI32) decided to explore, and it turned out to be a rather fruitful one. In a post shared to X (formerly Twitter), Halphon teased a video of an app that they had perma-signed on an Apple Watch. In the video, Halphon launches what appears to be an emulator for Pokémon Silver for Game Boy on the Apple Watch:
According to the post, this feat was made possible with the MacDirtyCow bug (CVE-2022-46689) and the original 2022 CoreTrust bug (CVE-2022-26766), and much like apps that would be perma-signed on an iPhone or iPad, the Apple Watch apps have arbitrary entitlements that give them more leeway than traditional App Store apps.
Another important tidbit of information is that the feat was accomplished on an Apple Watch running watchOS 8.3. Halphon didn’t mention getting this to work on any other firmware, but they did mention that if they replaced the 2022 CoreTrust bug with the newer one that this would work with watchOS 9.1 and older.
But as cool as this is, don’t get yourself too excited, as it was mostly a proof of concept. Halphon said in a response to a reply to the original post that they are unsure about productizing this work, but they may release a proof of concept on GitHub at some point in the future. This may prove useful to a developer who decides to make this into a usable item for the masses in the future, but there’s no guarantee that this will ever happen.
It’s worth noting that it wasn’t TrollStore developer Lars Fröder who first brought TrollStore to the Apple TV, but rather it was Misaka lead developer @straight_tamago, so it’s not entirely out of the question for an unrelated developer to expand TrollStore support to more devices.
In any case, it’s really fascinating to see people making interesting things happen on the Apple Watch, as we feel that it’s a powerful wrist-based computer that has been seriously throttled in capabilities by Apple. Harnessed to its full potential, the Apple Watch may prove even more useful than it already is, and we think those arbitrary entitlements afforded by the CoreTrust bug would prove handy in that department.
It will indeed be interesting to see whether anything materializes from this awesome proof of concept, even if it doesn’t come from Halphon directly. Perhaps at some point, a GitHub-based proof-of-concept will inspire another developer to work on something like this for the general public.
What are your thoughts about being able to perma-sign apps on the Apple Watch? Let us know in the comments section down below.