[GH-ISSUE #1241] [Feature]: Support apps that create VPN connections #718

New issue

Open

opened 2026-03-03 19:00:27 +03:00 by kerem · 4 comments

kerem commented

2026-03-03 19:00:27 +03:00

Owner

Originally created by @singularity-s0 on GitHub (Dec 1, 2023).
Original GitHub issue: https://github.com/PlayCover/PlayCover/issues/1241

I have a iOS app that creates a VPN connection that I would like to run on macOS. The app opens normally in PlayCover, but fails when creating the VPN connection. Log shows that the app uses the NEVPNManager API and got Permission Denied when calling saveToPreferences(). Upon research, it seems that NEVPNManager requires a special entitlement that is not available to non App Store apps (not sure about this part).

Describe the solution you'd like

Find a way to bypass the entitlement requirement, or add this entitlement to PlayCover so apps can create VPN connections. Not sure if this can be accomplished without disabling SIP, but any suggestion is welcome.

Anything else?

Sideloading doesn’t work either, as free accounts are not eligible for this entitlement.

Issue Language

Yes my issue is written in English

Originally created by @singularity-s0 on GitHub (Dec 1, 2023). Original GitHub issue: https://github.com/PlayCover/PlayCover/issues/1241 ### Is your feature request related to a problem? I have a iOS app that creates a VPN connection that I would like to run on macOS. The app opens normally in PlayCover, but fails when creating the VPN connection. Log shows that the app uses the [NEVPNManager](https://developer.apple.com/documentation/networkextension/nevpnmanager/) API and got Permission Denied when calling [saveToPreferences()](https://developer.apple.com/documentation/networkextension/nevpnmanager/1405985-savetopreferences). Upon research, it seems that NEVPNManager requires a special [entitlement](https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_networking_vpn_api) that is not available to non App Store apps (not sure about this part). ### Describe the solution you'd like Find a way to bypass the entitlement requirement, or add this entitlement to PlayCover so apps can create VPN connections. Not sure if this can be accomplished without disabling SIP, but any suggestion is welcome. ### Anything else? Sideloading doesn’t work either, as free accounts are not eligible for this entitlement. ### Issue Language - [X] Yes my issue is written in English

kerem added the

enhancement

documentation

labels

2026-03-03 19:00:27 +03:00

kerem commented

2026-03-03 19:00:28 +03:00

Author

Owner

@aszmax0007 commented on GitHub (Dec 2, 2023):

same problem here, have tried several ios Apps , either cashed or failed to authorize VPN

@aszmax0007 commented on GitHub (Dec 2, 2023): same problem here, have tried several ios Apps , either cashed or failed to authorize VPN

kerem commented

2026-03-03 19:00:28 +03:00

Author

Owner

@singularity-s0 commented on GitHub (Dec 3, 2023):

Many iOS apps make use of special entitlements. There is a list that document entitlements available only to apps signed with a paid developer account. If we find a workaround, it might eliminate a whole class of problem.

@singularity-s0 commented on GitHub (Dec 3, 2023): Many iOS apps make use of special entitlements. There is a [list](https://developer.apple.com/help/account/reference/supported-capabilities-ios#//apple_ref/doc/uid/TP40012582-CH38) that document entitlements available only to apps signed with a paid developer account. If we find a workaround, it might eliminate a whole class of problem.

kerem commented

2026-03-03 19:00:28 +03:00

Author

Owner

@MhAmerian commented on GitHub (Jan 18, 2024):

Many iOS apps make use of special entitlements. There is a list that document entitlements available only to apps signed with a paid developer account. If we find a workaround, it might eliminate a whole class of problem.

In jailed Iphones, those apps works fine with trollstore, I think you can find a way same as trollstore doing on phones

@MhAmerian commented on GitHub (Jan 18, 2024): > Many iOS apps make use of special entitlements. There is a [list](https://developer.apple.com/help/account/reference/supported-capabilities-ios#//apple_ref/doc/uid/TP40012582-CH38) that document entitlements available only to apps signed with a paid developer account. If we find a workaround, it might eliminate a whole class of problem. In jailed Iphones, those apps works fine with trollstore, I think you can find a way same as trollstore doing on phones

kerem commented

2026-03-03 19:00:28 +03:00

Author

Owner

@singularity-s0 commented on GitHub (Jan 19, 2024):

TrollStore relies on a CoreTrust bug. On Apple systems, every entitlement has to be either signed by Apple or authorized by a provisioning profile signed by a developer certificate. TrollStore uses a CoreTrust bug to "fake" an Apple root certificate so that the system thinks the app is signed by Apple. It is almost like jailbreaking, just not as invasive.

The problem with provisioning profile is that many entitlements require paid developer accounts. If you have one, you may be able to sign apps with many special entitlements, but still not arbitrary ones like TrollStore.

@singularity-s0 commented on GitHub (Jan 19, 2024): TrollStore relies on a CoreTrust bug. On Apple systems, every entitlement has to be either signed by Apple or authorized by a provisioning profile signed by a developer certificate. TrollStore uses a CoreTrust bug to "fake" an Apple root certificate so that the system thinks the app is signed by Apple. It is almost like jailbreaking, just not as invasive. The problem with provisioning profile is that many entitlements require paid developer accounts. If you have one, you may be able to sign apps with many special entitlements, but still not arbitrary ones like TrollStore.