The legal challenges Apple faces in the European Union and the United States have made it clear that the user demand for iOS sideloading exists. Apple does attempt to make it as hard as possible for people to install what they want on their devices.

What if I told you a guy who has been running his own Apple App Store alternative for over 9 years has redirected all these? Colton Adamski was only a middle-schooler when he started his first third-party App Store on iOS, and we invited him to give us his stance on Apple’s current challenges related to iOS sideloading.

What is iOS sideloading?

In a nutshell, iOS Sideloading refers to being able to install any application from any source without having Apple tell you that you cannot and without having to get it from the official App Store.

Android has been allowing this for many years. A simple checkmark in Settings to allow applications from untrusted sources and that’s it – feel free to install any app from anywhere and face the consequences if you install malware.

On iOS it’s not as straightforward. While you technically can sideload apps thanks to a myriad of tools like AltStore, Sideloadly, and Cydia Impactor (now defunct), and thanks to several prominent third-party app stores like AppValley, FlekSt0re, and AppDB, Apple is fighting hard to prevent you from doing so.

How does Apple attempt to stop you from sideloading apps?

1. All apps installed on iOS must be signed by an Apple-issued developer certificate, at the very least you need a free Apple ID for this.
2. Apps signed with a free developer certificate only last for 7 days after which the app simply won’t open anymore and you must install it again from the computer.
3. With free developer accounts you can only install app to 10 apps and they expire after 7 days.
4. Free Apple developer accounts limit the capabilities (entitlements) the sideloaded apps can have.
5. Currently, third-party app stores do not have an official way of installing apps or registering with Apple so they have to piggyback on enterprise developer certificates which Apple actively revokes to stop these stores from using them for sideloading, amongst other security concerns.
6. There is no toggle to enable and no setting to change that allows installing apps from any source.
7. Apple goes as far as to blacklist certain websites in Safari on iOS telling people that the website can have them install unauthorized apps.
8. Apple made iOS periodically check the installed apps and revoke any app they deem unauthorized or installed via means they don’t allow. If your device is not connected to the internet, and iOS cannot phone home to check, your apps won’t even open. Yes, even if they are properly signed.

It’s with all these reasons in mind that the E.U. is having Apple under fire accusing them of gatekeeping iOS.

The situation is not any better for Apple in the U.S. either after the U.S. Department of Justice filed an antitrust lawsuit against the company earlier this month.

Is sideloading safe?

One of the reasons often cited by Apple when it comes to sideloading and why they strongly oppose it is that sideloading leads to malware and compromised devices, however, there have been several cases over the years of malicious applications being distributed in the App Store and completely dodging Apple’s tight review.

AppValley CEO, Colton Adamski told us in an interview that over at AppValley LLC, they do vet user submissions, but the instances of malware have been so rare and far between that most users never encountered this during AppValley’s 9 years run.

See iOS is a pretty secure system and even without code signing the app would still not be able to do much thanks to the Sandbox and the restricted access apps have on iOS. Unless a user is jailbroken and explicitly grants additional entitlements to the app (such as sandbox escape), most random apps installed from the internet wouldn’t be able to access much on the device.

Of course, even without sideloading hackers do manage to get into people’s devices. Several threat actors have made international news over the years with very advanced, likely state-sponsored exploits and malware on iOS. A recent example that comes to mind is the Operation Triangulation exploit chain.

So while malware on iOS isn’t common, it’s also not impossible. It has happened before and it never had anything to do with sideloading, but rather with iMessage and Safari 0-click exploits.

AppValley is starting its own official iOS third-party app store in the E.U.

The recent legal battles between Apple and the E.U. resulted in Apple being forced to allow third-party App Stores to exist, gave users a choice about their default browser, and made Apple allow third-party payment methods in apps in the E.U.

The changes have been implemented starting with iOS 17.4 and now there is an official registration method for a third-party iOS App Store in the E.U.

Of course, Apple did not make the process straightforward. You still cannot install any app you want from any source, and third-party App Stores must still be vetted and reviewed by Apple before they are allowed to exist.

Apple also requires the company starting a new app store to provide a $1 million letter of credit before they’d even consider the application.

AppValley CEO, Colton Lucas Adamski told us in an interview that the company is already in the initial stages of setting up a legitimate, official third-party iOS app store in the E.U. after successfully securing the $1 million investment.

Who is Colton Adamski?

Adamski has a long history with iOS sideloading having started his first third-party App Store back when he was in middle school.

Back then he used to run iNoCydia, but soon had its name changed to iNoJB after Cydia creator, saurik, threatened to sue for trademark infringement.

Colton did not stop there he proceeded to win 3rd place in a college contest for building the very first iOS screen recorder app, EveryCord, long before Apple implemented the feature into stock iOS.

Adamski’s screen recorder was a massive hit charting Top 10 in the Utilities category of the AppStore. Apple responded to this by further locking down and securing IOMobileFrameBuffer.

As expected, that did very little to stop Adamski from reverse engineering an Apple TV dump and learning how to generate valid FairPlay encryption keys allowing his app to make the iPhone share the screen with itself and making EveryCord capture the output.

Later on, Adamski went on to found AppValley LLC which at its peak around 2019 used to serve a few hundred thousand users a day.

People could find there all sorts of applications ranging from tweaked apps and games to jailbreak utilities for the latest version. As expected, it was a hit with users making the app catalog grow to thousands as more users started contributing with suggestions and submissions.

The third-party store operating at the edge of legality has been a massive hit, so much so that BBC noticed them recently and wrote a piece on it in light of all the legal battles against Apple’s practices in the E.U.

This was all happening while Apple was tightly controlling the iOS sideloading scene and it was a continuous cat-and-mouse game between AppValley and other alternatives on one side, and Apple revoking their certificates and stopping the apps from working on the other side.

The game of cat and mouse continues to this day. Many of AppValley’s competitors who were quick to capitalize on this new and amazing idea of third-party App Stores have since vanished, however, a handful of OG developers remained and are battling with Apple to this day.

Apple revokes the certificates killing the apps in the process, third-party app stores find and buy new ones and re-sign the apps for their ever-growing user base.

It’s been like that for years with new certificates costing several thousands of dollars on the black market, but now the iOS sideloading landscape is changing.

These third-party app stores, and the users in general, really, now have new allies against the trillion-dollar company and their walled garden.

The legal landscape is starting to shift towards prohibiting practices designed to discourage sideloading and competition in the app store space. In Europe, the Digital Markets Act (DMA) is setting a new precedent for how companies like Apple get to dictate what users put on their devices.

Final thoughts

The legal battles are very much still going on and it’s hard to say what tomorrow holds, but it’s thanks to people like Adamski and Donald Mustard of Epic Games who want to challenge the status quo that we get to see the trillion-dollar company opening up slowly but surely for the first time.

Having a choice on what you run on the device you bought and paid for is an important thing and it’s great to see people fighting for consumer rights more and more lately.

Credit: Photo by Chris Nagahama on Unsplash

More iDevice Central guides

• iOS 17 Jailbreak RELEASED! How to Jailbreak iOS 17 with PaleRa1n
• Dopamine 2 Jailbreak IPA RELEASED For iOS 16.0 – 16.6.1
• Download iRemovalRa1n Jailbreak (CheckRa1n for Windows)
• Dopamine Jailbreak (Fugu15 Max) Release Is Coming Soon for iOS 15.0 – 15.4.1 A12+
• Cowabunga Lite For iOS 16.2 – 16.4 Released in Beta! Install Tweaks and Themes Without Jailbreak
• Fugu15 Max Jailbreak: All Confirmed Working Rootless Tweaks List
• iOS 14.0 – 16.1.2 – All MacDirtyCow Tools IPAs
• iOS Jailbreak Tools for All iOS Versions