NOW IS POTENTIALLY THE LATEST YOU CAN DO THIS. 14.4 WILL LIKELY BE SERVED WHEN IT'S THE 26TH, IN UTC. THE END
Don't believe me? Look at r/jailbreak, or the r/jailbreak Discord. Try it yourself on a phone you don't care about jailbreaking. I can't make you believe me, but do your own research.
ok for future reference assume iOS = iOS/iPadOS
note: all day counts are written as if the current date is April 7th. so adjust appropriately for current date
Apple has a feature where you can defer updates if your phone is supervised, intended for situations with corporate devices. The intention was to delay updates so that your company could properly test and validate them before allowing company devices to install it. However, you don't actually need an MDM (mobile device management) to use this - you just need your phone to be supervised and you can push a profile to it.
Specifically, this features allows you to defer updates for a configurable period between 1 and 90 days (inclusive). Let's assume we set this delay to 90 days. Here's Apple's update table: https://support.apple.com/en-us/HT201222
Specifically, let's look at the iOS portion:
Now look at when iOS 14.4 and when iOS 14.3 were released. As of the time of this post (April 7th), 14.3 was released on December 14th. That's about 114 days (given my math is right) from today. Now, 14.4 was released on January 26th. That's 71 days from today. Do you know what that means?
If you defer for 72 days or more, you can install 14.3 now.
Still don't get it? Imagine you moved back in time 90 days and checked for updates.
Now, if you wanted to go to 14.4.1 for some reason, it was released on March 8th, so 30 days ago. 14.4.2 was released on March 26th, or 12 days ago. So you'd have to defer updates for between 29 days (so you can install 14.4.1) and 13 days (so you can't install 14.4.2).
You can only install the latest version available that complies with your deferral.
For example, you can't install 14.1. Since 14.3 was released over 90 days ago, since the max delay is 90 days, any update older than 90 days will not be delayable, and the latest update that satisifies that criteria is 14.3.
As this method is time based, you need to do it before 14.4 hits 90 days old.
That's April 26th.
You need to get your iPhone supervised.
What is supervision? Basically, it's a way for enterprises to have more granularity over their Apple devices. As Apple puts it: "During the setup of a device, an organization can configure the device to be supervised. Supervision denotes that the device is owned by the organization, which provides additional control over its configuration and restrictions." You can control features like disabling iMessage/Apple Music/AirDrop/etc, disabling Erase All Content and Settings, disabling modification of settings, global proxies, and key for use, enabling deferment of software updates.
However, you need to either wipe your phone to be able to supervise it, or if jailbroken, use a tweak (or edit a plist directly - see below) to toggle supervision.
More info on this below.
Now there's two options here. Credit to Tanbeer on the r/jailbreak Discord for the latter.
- If you're not jailbroken - wipe your phone and supervise it with Apple Configurator 2 (on macOS, free), or with iMazing (on Windows, might be paid).
- Already have data already? No problem. Back up your phone, wipe and prepare, update, then restore backup.
- DON'T BACKUP IF YOU'RE JAILBROKEN
- Restoring a backup will unsupervise your phone (unless you made the backup while supervised), so make sure you update before you restore your backup.
- This is personally what I used, as I had a new in box iPhone SE with 13.4 installed.
- more on how to do this later
- If you are jailbroken (or can jailbreak) - use a tweak that can spoof supervision. I've heard MyBloXX works. There's a good guide covering this here: https://ios.cfw.guide/updating-to-14-3.
- I haven't tried this myself, but many people in the Discord are reporting success.
- You will likely need to restore rootFS.
- Instead of using the tweak, you can also edit
isSupervisedand toggle it to on. Thanks to whoever found this first
Once you're supervised, it's fairly smooth sailing. You need to push a profile that will delay software updates: you can do this with Apple Configurator 2, or use this link from Froggy, which will delay for 90 days (so you'll end up seeing 14.3): https://cdn.discordapp.com/attachments/688122301975363591/829232841774596096/90_Day_Delay.mobileconfig
Once you do this, you should be seeing 14.3 (or if you included a different delay in your profile, some other version) in Settings.
This uses Apple Configurator 2, which is only available on macOS. If someone can contribute a guide using iMazing that would be helpful.
- Download Apple Configurator 2
- Open it
- Click File > New Profile
- Change the name if you want
- Click on the Restrictions tab, then click Configure.
- Scroll down to "Defer software updates for days" and enable it.
- Leave the defaults for all the other options here so no other restrictions get enabled (unless you want them).
- Set the limit to your desired value, between 1 and 90 (inclusive).
- Save the profile and close the window
You have two options here now:
a. Transfer profile to iPhone through some other method
b. Use Apple Configurator 2 since you already have it open
- Plug in your iPhone and double click it in Apple Configurator 2
- Click Profiles at left
- Drag in the profile that you just created
- Wait for it to install. If using a tweak to spoof supervision, Apple Configurator 2 will probably prompt you to accept installing the profile on device as it thinks you aren't supervised, but it'll work fine.
It's supposed to, as it's a feature built in to iOS 11.3 and up. However, A14 is having issues due to a personalization error when attempting to install. There are no current known workarounds for this.
For other devices, see the next entry.
This started happening after this blew up, so I'm guessing it's server load. A VPN may work.
A14 is having issues, no known workaround
If not on A14, make sure you restored rootFS.
It also appears that being on an SEP higher thsn your target OS may cause this issue. Specifically, iOS 14.4+ SEP when trying to OTA to 14.3 appears to be causing issues. Since the OTA cannot downgrade the SEP, an error results.
So basically if you used futurerestore with
--latest-sep after January 26th, or manually specified a iOS 14.4+ SEP, you're on iOS 14.4+ SEP and this won't work for you. If you're on iOS 14.3 SEP or lower, you are fine and you should retry instead.
iOS 14.4.1+ SEP and trying to OTA to 14.4 does not seem to have issues. This is because iOS 14.4 and 14.4.2 have the same SEP.
No, this was thought to be needed to remove supervision spoofing but there are other ways to do it (scroll down).
Remove any beta profiles (including tvOS profiles) - these profiles will block updates.
/var/mobile/Library/Preferences/com.apple.MobileAsset.plist and ldrestart/userspace reboot.
Install OTADisabler and uninstall it, then ldrestart/userspace reboot.
Apple servers seem to have issues, I couldn't download 12.5.1 on a test iPhone 6+ but I couldn't download 12.5.2 either, so it doesn't seem like they intentionally killed the method
Grab OTAEnabler or Restore rootfs, rejailbreak with u0 and have "Disable updates" turned off
Re-enable OTA daemon using iCleaner Pro
Make sure you're supervised - there should be text at the top of settings. Also make sure you installed the right profile. The PAC profile from MYbloXX settings is not what you want, use the profile linked above or the instructions to make your own.
No, see SEP info above.
No, as the latest iOS 13 update is over 90 days old, you can't delay it.
However this does work to delay 12.5.2 as it's under 90 days old
Maybe, maybe not. Some people have reported success, others failure. ymmw
This has now been found to be tied to SEP as explained above; if you futurerestored and ended up on 14.4+ SEP you cannot do this.
You can dump your blobs right now but you can’t use them with futurerestore without a bootrom exploit, which means they would not work for A12 and above.
You can install whatever tweak you installed to spoof supervision again, and disable it from there. You can also edit
/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/CloudConfigurationDetails.plist again and disable
isSupervised. Otherwise, (but this is the nuclear option, unless you did this unjbed, in which this is the only option) Erase All Content and Settings.
Alright it appears a request is made to Pallas with 3 extra keys being the clincher:
DelayPeriod (integer between 1-90),
true). The server will return with a 400 if your delay period is not between 1 and 90 (inclusive). This is how the OTAs are being found, so delayed software update handling seems to be entirely serverside.
Still don't know how signing is validated though. Will update soon
Apple: implementing this in the first place
Tanbeer#4750 on Discord: Realizing spoofing also works and figuring out you can do this with iMazing
CoocooFroggy#7742 on Discord: Providing a profile link for others to use
dabezt#2228 on Discord: Helping prove this actually works
MasterOfMike#8063 and CoolStar: Connecting the verify errors to higher SEP