Do AltStore PAL apps need to pass Apple App Review?

No. AltStore PAL apps go through Apple Notarization rather than full App Review. Notarization is a narrower check for malware, basic functionality, safety, security, and privacy, but it does not enforce content or commerce rules from the App Store Review Guidelines. App Store review remains required for apps distributed through Apple's own App Store, including inside the EU.

Is AltStore PAL available outside the EU?

AltStore PAL is currently available to users in the EU and Japan only. Apple opened alternative marketplaces under the Digital Markets Act on iOS 17.4 in 2024 and added Japan in late 2025 after similar regulation. Developers outside those regions can still submit apps, but those apps will only install for users in supported countries with eligible OS versions.

Does AltStore PAL host my IPA file?

AltStore PAL does not host the binary itself. Once Apple notarizes the app it issues an Alternative Distribution Package, which you upload to your own server. AltStore PAL hosts only the JSON source metadata that points to your file. Preserve the directory structure and file hashes exactly, otherwise installs will fail for every user who tries to download or update.

Who handles refunds for an app sold through AltStore PAL?

The marketplace handles them, not Apple. Apple's documentation for alternative app marketplaces in the EU states that Apple will not assist with fraud, IP disputes, payment disputes, or refunds. AltStore PAL or the developer settles those questions directly with the user. Plan a support workflow that does not rely on Apple's App Store refund flow before you ship a paid app this way.

Will Notarization reject an app that App Review would have approved?

Rarely, but it can happen. Notarization focuses on security and basic functionality. Builds with malware patterns, undeclared entitlements, or repeated crashes can be rejected at Notarization even if a similar build cleared App Review historically. Treat Notarization as a baseline gate, not a free pass, and resubmit the same way you would after an App Review rejection.

What is the difference between App Store and AltStore review?

If you have an iOS build sitting in App Store Connect and you are eyeing AltStore PAL as the way to distribute it in the EU, the obvious question is whether the review is easier, faster, or simply different. The honest answer is: different in scope, similar in effort, and the work happens in two places instead of one.

Short answer

AltStore PAL distribution still needs a paid Apple Developer account, an App Store Connect upload, and Apple Notarization. Notarization is narrower than full App Store review: it checks malware, basic functionality, safety, security, and privacy, but it does not enforce the content and commerce rules of the App Review Guidelines. AltStore PAL also runs its own intellectual property review on top, and the marketplace, not Apple, handles refunds, fraud cases, and IP disputes.

What you should know

AltStore PAL is an EU and Japan only marketplace. Apple opened alternative marketplaces under the Digital Markets Act on iOS 17.4 in 2024, and Japan was added in late 2025 after similar regulation came into force.
You still upload through App Store Connect. The submission flow forks at Notarization, not at the upload step.
Apple still reviews the binary. AltStore PAL receives a notarized Alternative Distribution Package; it does not replace Apple as the security gate.
Marketplaces own customer support. Apple states it will not assist with fraud, IP disputes, payment disputes, or refunds for marketplace apps.
Commercial terms differ. Developers shipping through AltStore PAL accept the Alternative Terms Addendum, which carries its own fee structure including a possible Core Technology Fee.

What does Apple actually check during AltStore PAL notarization?

Apple still runs the binary through Notarization before AltStore PAL can distribute it. According to Apple's DMA documentation for developers, Notarization combines automated checks with a basic human review across five categories: accuracy, functionality, safety, security, and privacy. The same documentation describes Notarization as "more limited than the App Review process for apps on the App Store." In practice, malware, broken builds, undeclared entitlements, and obviously deceptive listings get blocked, but App Store rules about user generated content, in app purchase mechanics, or design quality are not enforced at this stage. If your app fails Notarization, fix the issue and resubmit; the resubmission path looks much like App Review rejection handling.

How does App Store review differ in scope?

App Store review includes Notarization and then layers the App Review Guidelines on top. That is where Guideline 5.1.1 on data collection and storage, Guideline 4.0 on design, and Guideline 4.2 on minimum functionality come into play. A photo app with thin functionality might clear Notarization but fail App Store review under Guideline 4.2. A subscription app with a misleading paywall can pass Notarization but trip a 3.1.1 rejection on the App Store. The App Review Guidelines are also where editorial calls happen: clones, low quality assets, misleading metadata, age rating mismatches. None of those judgments run when AltStore PAL distributes an app.

How do the two routes compare side by side?

The table summarizes where App Store and AltStore PAL overlap and where they diverge.

Step	App Store	AltStore PAL
Paid Apple Developer account	Required	Required
Build uploaded via App Store Connect	Yes	Yes
Apple Notarization	Included in App Review	Required, run as its own step
Content and commerce review	Yes (App Review Guidelines)	No
Geographic reach	Worldwide	EU and Japan only
Binary hosting	Apple hosts	Developer hosts the ADP
Refunds, IP disputes, fraud	Apple handles	Marketplace handles
In app purchase rails	StoreKit, with external link options inside the EU	Marketplace and external options
Commercial terms	Standard App Store terms	Alternative Terms Addendum
Minimum OS for end users	iOS 12 or later for many apps	iOS 17.4 or later in the EU

The Notarization row is the one developers most often misread. Notarization is not a rubber stamp. It is narrower than App Store review, but it is still a real review run by Apple, not by AltStore PAL.

Who handles refunds, fraud, and IP disputes?

AltStore PAL does, not Apple. Apple's documentation on alternative app marketplaces in the EU is explicit: "Apple won't be able to assist with fraud, IP disputes, payment disputes, or refunds." The marketplace operator agrees to put an intellectual property review in place before distribution and to actively monitor for fraudulent, malicious, or illegal apps. For a developer, two things follow. First, your support inbox carries refund and dispute requests that would have routed through Apple on the App Store. Second, AltStore PAL itself can refuse to distribute an app that already passed Notarization, if the marketplace believes it infringes intellectual property or violates EU law.

How does the submission flow change for AltStore PAL?

The mechanics, per AltStore PAL's developer documentation:

Agree to Apple's Alternative Terms Addendum if you are targeting the EU.
Register your Apple Developer ID with AltStore PAL through its REST API and receive a security token.
Enter that token in App Store Connect under Users and Access, then Integrations, then Marketplace.
Mark the apps you want distributed via AltStore PAL and opt into automatic processing.
Submit each build for Apple Notarization.
Download the Alternative Distribution Package, the encrypted package Apple produces, and host it on your own server, preserving the exact directory structure and file hashes.
Publish a JSON "source" file describing your apps so users can add your source to their AltStore PAL client.

You still need App Store Connect access. You still need a paid Apple Developer account. The hosting requirement is the part most teams underestimate, because CDN selection, uptime, and update delivery move onto the developer instead of sitting with Apple.

What to watch out for

A few traps catch developers who treat AltStore PAL as a fast lane:

Hosting the ADP wrong. The directory structure and file hashes have to match what AltStore PAL expects. Rename, repackage, or re-compress a file and installs break for every user.
Source JSON drift. If the source JSON points to a stale build, users get update prompts that fail or end up with a version mismatched against the notarized package.
Treating Notarization as a rubber stamp. Apple still rejects binaries that contain known malware, request entitlements without justification, or fail basic functionality checks during Notarization.
Forgetting the geographic limit. Apps notarized only for AltStore PAL cannot be served to users outside the EU and Japan, even if your marketing site reaches them.
Customer support shifting to you. Without the App Store as intermediary, refund, fraud, and dispute questions land in your inbox or the marketplace's, with no Apple safety net.

For builders who want an external pre-submission read of an APK, AAB, or IPA before either route, PTKD.com is one platform focused on OWASP MASVS aligned scanning of the build artifact, independent of where it ends up being distributed.

Key takeaways

AltStore PAL distribution still runs through Apple, but at the narrower Notarization bar, not the full App Review bar.
Notarization checks accuracy, functionality, safety, security, and privacy with a combination of automated checks and basic human review.
Refunds, IP disputes, and fraud handling shift to the marketplace and the developer. Apple explicitly steps out of those for marketplace apps.
The submission flow looks similar at the start (App Store Connect, paid developer account) and diverges around hosting the ADP and publishing the source JSON.
Some teams scan their build with platforms like PTKD.com before they ship through either route, since the security findings that matter to OWASP MASVS apply whether the destination is the App Store or AltStore PAL.