So, after the certificate being revoked and leaving many with the contemplation of having to use free provisioning certificates that expire after a week, I thought I would have a look at how the stock apps are signed. There are a couple of apps (take the compass app for example) that has a CodeResources file that does not contain any hash values. The md5 for these files (for me) is always 18c8afe9be28947d55f4477a72071077. My theory is that if the Pangu app was moved from the /var/mobile/... directory into the /Applications/ directory and one of these CodeResources file placed in the _CodeSignature directory, it would be allowed to run when the phone is not in jailbroken mode. Anyway, I haven't tried it (maybe on the weekend), but I thought I would put it out there as a possible "solution" to the signing problem. So the process would be: - sign the IPA using a free provisioning cert, - install openssh on the device - ssh into the device and move the PP app to the /Applications/ directory - copy the compass _CodeSignature directory into the PP directory. - logout and reboot the device - attempt to run the PP app. Anyone want to test it?