Saktanong -

How to sideload iOS apps and why it's so dangerous

IT professionals should be aware of how to sideload iOS applications and why it might be dangerous and inadvisable to do so. Learn the two most common sideload methods below.

Most mobile administrators know how simple it is to download and install third-party apps onto Android devices, but they may not know how easy it is to sideload iOS apps.

I spent some time figuring out how to sideload iOS applications, because if I can do it, it can't be too difficult for anyone to take on.

How common are sideloaded iOS apps in the enterprise?

I first got curious about the difficulty of deploying third-party apps onto an iPhone after speaking with representatives from Lookout and Wandera. Lookout representatives revealed that from February 2016 to February 2017, 11% of iOS devices encountered a sideloaded app.

Between November 2017 and November 2018, 6.8% of iOS devices connected to third-party app stores and 3.43% of iOS devices had a sideloaded app installed, according to Wandera. These aren't large numbers, but Lookout and Wandera's customers are businesses and corporations that prefer to keep devices locked down.

How easy is it to sideload iOS apps?

The process of accessing iOS sideloaded applications is easy -- really easy. Anyone can do it from their iPhone or iPad, and it doesn't require jailbreaking the device. All it requires is to download the app onto the device via a desktop or to load apps from the mobile browser.

Anecdotally and according to the comments on this recent article about the Cydia Store, jailbreaking isn't as popular or common as it once was. Some people still do jailbreak their iOS device -- this will never completely go away -- but the number of jailbreakers is getting smaller and smaller as Apple rolls out features that used to only be possible on a jailbroken device. Also, it's easy enough to sideload iOS apps onto your phone or tablet, so users may not find it necessary to do so.

sideload ios apps is simple
Pokemon Go third-party version

I tried two different -- but ultimately similar -- methods to sideload iOS apps, and the key with each of them was based on abusing Apple developer certificates. The simplest method is via the device itself.

If you want to sideload on an iOS device, you should first find a third-party app store you feel is trustworthy enough. Whether these app stores any truly safe is a debate for another time. It shouldn't be difficult to find plenty of options.

Select the app you wish to download and after it finishes, go into Settings > General > Device Management and trust the developer certificate. And voila, the app should be sideloaded on the iOS device and be ready to go.

The other method uses Cydia Impactor, Xcode and a downloaded IPA file. You should note that it's possible for iOS to sideload an app just using Xcode, but it requires some additional technical knowledge.

First, create an Apple developer account; you can create a free account for a trial period or pay $99/year for one. With Xcode, push your provisioning profile onto the iOS device -- follow these directions -- and then use Cydia Impactor to re-sign the IPA file to your developer profile. Enable the device to trust your profile and then you're done.

Trust certificates to sideload ios apps
Trusting the developer certificate.

Neither method is flawless, though. The first method of loading apps from a third party relies on the hope that Apple doesn't revoke the enterprise developer certificate the app uses, as this will prevent the app from launching. Meanwhile, the personal provisioning profile you created with a free developer account -- using the Cydia Impactor -- will expire after 5-7 days unless you pay the $99.

Key takeaways of iOS sideloading apps

The simplicity of this process may surprise you, or it may not if you're one of the 11% who already adds sideloaded apps to your iOS device. Apple iOS has the reputation of being walled garden that requires you to go through the official App Store to for all applications, but this is not exactly the case.

The process of accessing iOS sideloaded applications is easy -- really easy.

While it remains easy for users to get these applications, an iOS device that has sideloaded apps opens up another vector for bad actors to get spyware and other malicious software onto your iOS device. You should be sure you can trust the third-party app store where you got the IPA file or app.

Jailbreaking also leaves your device more vulnerable. In theory, malicious apps would have less of an effect on jailed devices than jailbroken ones. You need to think about the overall threat model here. No method to getting unauthorized apps onto your device is great from a security perspective. Any sideloaded iOS apps will have unfettered access to your device, along with APIs, according to Lookout.

Be careful if you decide to jailbreak or sideload iOS apps, especially with work devices.

(Note: I also looked at how IT admins can block sideloaded app installation on iOS in the enterprise. While it's easy to sideload iOS apps, it's not too difficult to prevent it either.)

Next Steps

Apple hurries out fixes for WebKit zero-days

Dig Deeper on Apple iOS in the enterprise