Skip to content

How to block OTA updates for “any” iOS devices

中文版在此

There are many reasons that users don’t want to update their device to latest iOS versions. For example, some people want to stay their device on specific version to wait for an upcoming jailbreak, or app developers want to test their app on a legacy iOS version …etc.

Before Feb. 2020, the most convenient way to block OTA update is installing a tvOS beta profile. However, since iOS 12.x (I’m not sure the specific version), iOS checks whether the profile can be installed in current device. Thus, tvOS 13 beta profile can’t be installed on iOS 12.x and above, and tvOS 12 beta profile has been already expired since 31/1/2020.

So, this tutorial provides some methods, which can let you block OTA for any device on any iOS versions.

If you want to post this tutorial to other place, please refer to this post, thanks!

Before you start, you must check whether the OTA update installer is downloaded on your device. If so, you must remove it.

 

Scenario 1:Device version is iOS 12.1.x or below

Level of difficulty:★

I’m sure that iOS 12.1.x and below can install tvOS 13 beta profile because Apple didn’t implement profile device check on iOS 12.1.x.

You can install tvOS 13 beta profile here: https://gginin.de/jb/no_ota.html

 

Scenario 2:Device is jailbroken

Level of difficulty:★★

If the device is jailbroken, you can add this repo: https://repo.xsf1re.kr,and then install MCPatch。

After that, you can install tvOS 13 beta profile here: https://gginin.de/jb/no_ota.html

The tweak can be removed after you installed tvOS beta profile.

Source: reddit

 

Scenario 3:A11 (and below), but don’t want jailbreak

Level of difficulty:★★★

You can jailbreak first, then uninstall jailbreak.

checkra1n jailbreak: https://checkra.in

Please make sure that the device and it’s iOS version is supported. Then use checkra1n to install jailbreak. After that, follow the tutorial of scenario 2. And then, click “checkra1n” app on the iOS device and click “Restore System” to uninstall jailbreak. Do not open any other App Store apps before you click “Restore System” in checkra1n, or it might detect jailbreak and won’t work even after you restore the system.

Checkra1n can restore iOS system partition to previous state (non-jailbroken) with APFS snapshot. So the device will not be jailbroken, but the tvOS profile is already installed!

(Notice: Some apps still detect jailbreak after you restore system to non-jailbroken state. If this happens, backup your device with iTunes/Finder, then go to Setting > General > Reset and click “Erase All Content and Settings”, after that, restore your device backup. This can totally fix jailbreak detection issue and keep tvOS profile installed.)

 

Scenario 4:A12 (and above), can’t jailbreak, or any other cases

Level of difficulty:★★★★★

Please read the following instructions carefully. This method is kind of workaround. It requires you to click a button after restarting the device every time (more info below).

I tested this method on both my iPhone XS Max (13.3) and iPhone 6s Plus (13.3).

We can modify iOS backups to disable OTA. To modify iOS backup, you have to use the 3rd party app “iMazing”, which is on sale here (but the site is in Chinese…). Anyway, get iMazing and buy it first.

Then use iMazing to make an encrypted backup. Please enable “Backup Encryption” from “Options”.

▼ You must enable Backup Encryption or the health database won’t be backed up.

 

▼ After applying the options, click Backup to make a backup immediately.

 

▼ Then, click the button above, choose the backup file we just made, and then choose “Edit”.

 

iMazing would ask you to make a “backup of your backup”, confirm that.

▼ Now you can find “Editable Backups”, choose the one we made, choose “File System” and go to the directory of ManagedPreferencesDoamin/mobile

 

Now, click here to download my OTA blocker config, extract the archive and there’s a file named “com.apple.MobileAsset.plist”

▼ Put the file into ManagedPreferencesDoamin/mobile directory

 

▼ Choose the backup file we modified, click “Restore to Device”, follow the instructions.

 

▼ Do not check “Erase target devices” if you have eSIM installed, it may erase your eSIM too. If your storage is not enough for restoring a backup, try to delete some photos (because you will recover them after restoring), or do a DFU restoring to clean all contents. (DFU restoring doesn’t remove your eSIM)

 

If some error occurs and the message shows something like “com.apple.security.xpc error 3′, it means that your device storage is not enough for restoring a backup, please reset all the contents of your device and try again.

After restoring backup, use iOS Safari and open https://gginin.de/jb/no_ota.html, choose “Assistant Profile”, the device will download a profile, but “you don’t need to install it in Settings.app“. Now, check OTA updates in Settings.app and you can see the update disappears.

However, you must download the profile every time when the device reboots. So, I created a iOS shortcut to make it easier, you can add this shortcut to SpringBoard, and just remember to click it after booting.

Please notice that the OTA update might be downloaded during restoring the device backup. You must check device storage again and ensure there’s no updates downloaded. You only need to check this once.

If you want to unblock OTA, just reboot the device and don’t click the shortcut. If you want to restore the whole modification, just find the “iOS beta profile” on the internet and install it. After that, remove the profile immediately, and the OTA function will be totally back.

 

For advanced users:

Besides the method I provided above, I recommend you to block Apple’s OTA server with apps which provides DNS or VPN configs. Some of these apps supports enabling their service right after booting automatically. For example, “AdGuard” 4.0 (which is in beta now) have this feature. This can prevent the device from getting OTA update when you forget to click the shortcut.

Just redirect “mesu.apple.com”, “updates-http.cdn-apple.com” and “gdmf.apple.com” to 0.0.0.0.

The following screenshot is my config of “AdGuard” 4.0 (beta).

However, I don’t recommend to use DNS or VPN apps as the main method of blocking OTA updates. Because the DNS or VPN may crashes in some cases, or they may relaunch or be disabled when the device switches between different networks. Therefore, DNS or VPN apps can only be the “backup plan” when you forgot to click the shortcut.

發佈於iOS 教學

One Comment

發表迴響