index

I wasn’t even planning to write this, I just wanted to install a few apps. That’s it.

But nope. Turns out when you’re using anything made by Apple, even something that basic turns into a fight. No sideloading, no third-party stores, just their App Store and whatever they decide you’re allowed to run.

It’s bullshit, honestly. I bought the thing, I should be able to use it how I want.

Anyway, if you’re stuck in the same mess, here’s what actually worked for me.

---

Step 1: Install DNS Profile

iOS restricts third-party installs unless you run a DNS filter or block Apple’s cert checks. Start here:

Install DNS Profile

Instructions

1. Go to Settings → General → VPN, DNS, Device Management.
2. Install the profile and let it do its thing.

For iOS 18 and Up

• The profile goes to your Downloads folder in the Files app.
• Rename it so it ends in .mobileconfig, then open it manually to install.
• iOS 18 reboots automatically after profile install, so turn on Airplane Mode before that to prevent DNS leaks.

Block These Domains (Optional but Recommended)

• certs.apple.com
• crl.apple.com
• ocsp.apple.com
• ocsp2.apple.com
• ocsp.digicert.com
• valid.apple.com
• appattest.apple.com

Use Cloudflare Zero Trust or Egern (for AdGuard Home users) to add these block rules.

---

Step 2: Install Esign App

Esign is the tool you’ll use to unzip, sign, and install .ipa files.

Try One of These Links

• Beijing Esensoft Co., Ltd
• NREH ESTATE INFORMATION TECHNOLOGY CO.,LTD
• China Railway Eryuan Engineering Group Co., Ltd.
• Dtt Technology Co.,Ltd.
• TCL household Appliance Marketing Co., LTD
• Wuling Power Corporation
• HDFC Bank Limited
• Vietnam Electricity
• Kotak Mahindra Bank LtdK
• China Continent Property & Casualty Insurance Company Ltd
• GAC TOYOTA MOTOR CO.,LTD
• Sunshine
• Sunshine 1
• Sunshine 2

After Installation

1. Go to Settings → General → VPN, DNS, Device Management.
2. Tap on the Enterprise App and Trust the certificate.

In Esign:

• Go to the “Download” tab, tap the top-right ••• → Settings.
• Enable:
  • Auto Import
  • Auto Delete

---

Step 3: Get Developer Certificates

Use expired certificates instead of fresh ones, most still work.

Freeloading Certs (RAR)

Instructions

1. Go to the Files tab in Esign.
2. Tap and extract the downloaded zip.
3. Import a certificate of your choice (the one that installed Esign usually works).
4. Delete the extracted folder and zip.

Go to Esign → Settings → Sign Default Config and set:

• Install after signed: Enabled
• Remove mobileprovision after signing: Enabled
• Install address: Local
• Compress level: Balance

---

Step 4: Add Repositories

Repos are app libraries that Esign pulls from. These links won’t open in Safari, copy/paste them manually.

Instructions

1. In Esign, tap App Source (top left).
2. Tap +.
3. Paste the repo link.

You’ll now be able to browse apps from that repo within Esign.

---

Step 5: Sign and Install Apps

Once you’ve downloaded an app from a repo, it’s not ready yet.

Instructions

1. Tap Signature.
2. Then tap Install.

To Clone or Duplicate an App

1. Rename the app (example: YouTube Red).
2. Modify the bundle ID:
   Original: com.google.ios.youtube
   Modified: com.google.ios.youtube.1

---

Notes

• If a certificate doesn’t work, try another from the same batch.
• Apple’s restrictions are mostly DNS/certificate based, not hardware locked.
• Sideloading isn’t just about piracy or shady apps, it’s about freedom. Custom tools, indie apps, stuff Apple won’t approve because it’s “not aligned with their guidelines” (aka it doesn’t make them money).
• The App Store model isn’t about safety, it’s about control. If Apple cared about safety, they’d give you real permissions management. Instead, they give you animated emojis.

---

That’s it. Clean, private, no App Store bullshit, just install your apps and be done with it. Fuck Apple.