To start off, let's explain what sideloading is.
Sideloading is the process of installing a custom app through other means other than the official ways. By custom app, it refers to internal or development builds to installed with the help of a computer. This term is most widely used in the case of installing third-party apps on Apple devices. These apps are packaged in the .ipa format on Apple devices. The apps need to be verified by the developer before opening them.
So.. what's the catch? Why does it suck?
There are multiple reasons why sideloading on iOS sucks: Sideloading on other platforms (such as Android) is completely free and unrestricted, whereas on iOS, using a Free Developer Account, you can sideload at most 3 apps at the same time that are available for 7 days (you can resign to keep using them, but this requires a connection to the computer remotely via Wi-Fi or directly via USB). There is an official alternative; you can use a Paid Developer Account (which is $99/year), but this defeats the purpose of sideloading. On Android, you can sideload as many apps as you want, you do not have to resign them and it is completely free. It doesn't even need a connection to the computer, as it can all be done directly on the device.
Apple introducing sideloading to the EU.
As of writing this article, by March 2024, Apple is forced to allow sideloading on iOS devices in the EU, but it isn't quite what people expected. Apple is introducing third-party app stores which have to be approved by them, and each app upload has also to be approved by them. This is still restricting the user.
Of course there are ways to circumvent these restrictions.
One such way is by jailbreaking your iDevice. This means that, through a flaw of the OS or the hardware itself (as we've previously seen with the bootrom exploit checkm8), the flaw can be exploited, and as such, the device can be released from the restrictions. This means that you can do whatever you want to the device, including installing apps without a computer and no need for resigning the apps. But there are also drawbacks to this solution. Jailbreaking means that you give up your device's security. By default, apps on iOS are sandboxed, meaning they can't access one another. By jailbreaking and installing custom apps, you are exposed to installing a malicious app (even without knowing) which can steal data or even render your device unusable. Thus, for some, jailbreaking is not an option.
What is the best option for non-jailbroken users?
There are many open-source apps attempting to make the process of sideloading apps a bit less of a hassle, for example AltStore, Sideloadly, etc., but they still require you to connect your computer every 7 days to resign the apps. There is however SideStore, which is a fork of AltStore that doesn't require you to connect your phone to a computer after installation. All you need is a connection to Wi-Fi and you are set. But it isn't perfect though: by default, you are required to have a Wi-Fi connection when refreshing apps with SideStore because you need a VPN to connect to their Anisette server.
Here is an explanation of what Anisette data is:
Anisette data is information used in the app signing process that needs to be generated each time you install or refresh apps. SideStore gets this information from a server that spoofs a Mac and sends you back the anisette data. No account info is sent to the server ever in this process.
from SideStore Wiki.
However, the issue is that if multiple users are connected to that Anisette server, Apple will block the accounts used for signing the apps. Also, SideStore can be pretty buggy when resigning the apps through their remote Anisette server and can crash due to overload.
So, the best way so far is to use SideStore with our own Anisette server for no issues. But how can you host your own Anisette server? I will be covering this in the next blog post, as well as the full process, which means preparing the server, installing Docker and the Anisette server, as well as a reverse proxy for a custom domain which we are going to use for this anisette server.
Thank you for reading this far!