A macOS GUI for ipatool — search the App Store, sign in with your Apple ID, and download .ipa files for apps tied to your account. Also lists every app installed on a USB-connected iPhone and resolves their App Store IDs automatically — even for delisted apps.
Built with Wails v2 (Go + a small vanilla-JS frontend).
- Search the App Store and see results inline with bundle ID, version, and price
- Sign in to your Apple ID directly in the app, with 2FA handled in a follow-up prompt
- Download an
.ipato a folder of your choice — the row itself becomes a progress bar as the file streams in - Pick an older version from a dropdown (most recent 25 versions of an app, with release dates)
- Direct download by bundle ID, numeric App ID, or pasted App Store URL — handy for delisted apps
- From iPhone — list every app installed on a USB-connected iPhone, with their App Store IDs auto-resolved from each app's on-device
iTunesMetadata.plist. The button glows when a phone is plugged in. - Region-aware app icons for the iPhone list — each row fetches its real App Store artwork from the storefront the app was actually purchased in (so AU-only apps come from the AU catalogue)
- Account ownership awareness — each iPhone row shows the DSID (Apple account number) that owns the app, coloured green/red against your signed-in account. If it's red, a Sign in as owner button opens the sign-in panel and auto-resumes the download after re-auth.
- Live filter over the iPhone list (Cmd+F, Esc to clear) with a clear button
- Token-expired auto-recovery — when ipatool's session expires mid-download, the sign-in panel opens and the download resumes automatically once you re-auth
All actual App Store work is delegated to ipatool; this is a thin GUI on top, plus a small layer of libimobiledevice glue for the iPhone integration.
- macOS (Apple Silicon — easy to extend to Intel by changing the homebrew paths)
ipatoolfor App Store auth and downloads:brew install ipatool
libimobiledevicefor the iPhone integration (ideviceinstaller+idevice_id):brew install libimobiledevice ideviceinstaller
- An Apple ID with at least one app in its purchase history (free apps work fine)
If you don't need the iPhone integration, libimobiledevice is optional — the From iPhone button will simply tell you it can't find the tool.
You'll need:
- Go 1.21+
- Node.js 18+
- The Wails CLI:
go install github.com/wailsapp/wails/v2/cmd/wails@latest
Then:
git clone https://github.com/jowtron/ipa-downloader.git
cd ipa-downloader
wails build
open build/bin/ipatool-gui.appFor development with hot reload:
wails devIn June 2026 Apple's 26HOTFIX24 moved the App Store auth endpoint. Homebrew's
released ipatool (v2.3.0) still hits the old endpoint and fails login with an
empty-200 "something went wrong" — which also breaks downloads. The fix is
upstream PR majd/ipatool#490 (open,
not yet released). Until it ships in Homebrew, this repo vendors the change as a
patch and builds a fixed ipatool itself:
patches/ipatool-auth-endpoint.patch— PR #490's diff, pinned to a known upstream commit (MIT-licensed source; seescripts/build-ipatool.sh).scripts/build-app.sh— builds the patchedipatool, runswails build, and bundles the binary inside the.appatContents/Resources/bin/ipatool, so the resulting app is self-contained (no Homebrew/Go needed to run it):scripts/build-app.sh open build/bin/ipatool-gui.app
scripts/build-ipatool.sh— if you'd rather keep usingwails build, this builds the patchedipatooland installs it to~/Library/Application Support/ipatool-gui/bin/ipatool, which the app prefers over Homebrew's copy.
app.go's findTool resolves ipatool in this order: the Application Support
override → the bundled copy inside the .app → Homebrew → /usr/local →
/usr/bin. So either script above takes precedence over a stale Homebrew build.
When upstream ships the fix: delete
patches/,scripts/build-ipatool.sh, the bundling step inscripts/build-app.sh, and this section — then go back to a plainbrew install ipatool+wails build. Tracking: majd/ipatool#437.
- Sign in. Click the auth pill in the top-right. Enter your Apple ID email and password. If 2FA is required (it usually is), enter the code Apple sends to your trusted devices.
- Find an app by:
- Typing into the search bar at the top, or
- Pasting a bundle ID, numeric App ID, or full App Store URL (e.g.
https://apps.apple.com/au/app/.../id1234567890) into the Direct field — URLs are auto-parsed for the ID, or - Plugging in an iPhone and clicking From iPhone to list everything installed.
- (Optional) Click the version chip on a row (
v4.3.2 ▾) to pick an older version. - Hit Download. The row turns into a progress bar; the IPA lands in your chosen folder.
Apple wipes delisted apps from the public itunes.apple.com/lookup?bundleId=... endpoint, which is what ipatool uses to resolve bundle IDs into the numeric App IDs needed for download. Two ways around this:
- Easiest: plug in an iPhone that has the delisted app installed. The From iPhone flow extracts the App Store ID directly from the device's on-disk purchase metadata, and the download "just works".
- Manual: find the numeric App ID yourself (your Apple receipt email,
reportaproblem.apple.com, or the App Store URL in your purchase history) and paste it into the Direct field. URLs are accepted — the ID is auto-extracted.
The download itself still goes through Apple's purchase server using your signed-in account, so you must be signed in as the Apple ID that originally got the app.
- Downloads are limited to apps your Apple ID has purchased (or downloaded for free) at some point. ipatool can't bypass App Store entitlements.
- The app is unsigned. On a fresh Mac, Gatekeeper will refuse to open it on first launch — right-click the
.appand choose Open to bypass once. - Apple periodically invalidates the App Store auth token. The app detects this and re-prompts sign-in automatically, but you'll need to click through 2FA each time.
ipatoolonly emits a single result line per command, so the progress bar polls the output file's size on disk against Apple's iTunes Search API for the expected total. If iTunes Search doesn't know the size, the bar animates indeterminately and fills on completion.- The first time you click From iPhone, macOS will ask you to allow access to the ipatool keychain entry — this is so the app can read the signed-in account's DSID for the ownership comparison. The DSID is then cached locally at
~/Library/Application Support/ipatool-gui/dsidto skip future prompts.
This is a frontend for ipatool by @majd — that project does the real heavy lifting. iPhone integration is built on the libimobiledevice stack.
MIT — see LICENSE.