How does TestFlight do it?

Question

TestFlight offers over-the-air beta distribution of iOS apps (on non-jailbroken devices). How can this be done? Is this an iOS feature, or a vulnerability exploit?

Answer 1

Stock iOS devices are "vulnerable" to running the user loading Ad Hoc apps from any developer who has that device's UDID, and registers that UDID among their 100 allowed devices on Apple's developer portal.

OTA distribution is just another way to install an Ad Hoc beta test distribution from an enrolled developer.