We should all be taking full advantage of the amazing capabilities of the pocket supercomputers we all carry around with us at all times (even if the companies who make them don't want us to or don't care about us). Anything less would be silly! Now Linux and Windows users (the majority of iPhone users) can do easily do so, and that's great.
To install your own personal homebrew apps without Apple's approval, use AltStore (Windows) or SideStore (Linux):
True, it's far from ideal, and not entirely without Apple's approval. You need an Apple ID, to accept Apple's EULA (which probably forbids such activities), to accept the risk of your Apple ID being banned [1], to accept the risk of Apple breaking things (intentionally or not), and to continue asking Apple's server for new signatures every week into the foreseeable future.
Still better than nothing, for those already fully immersed in the Apple ecosystem, with no hope of escape? (I still use and recommend Android, but I have a spare iPad to play around with, so I enjoy seeing stuff like this come out.)
Most laptops run Linux, but few provide official support for it. The Gen 12 and 11 did, and you could get Linux pre-installed. But there's no "Linux" option on the Gen 13 store page.
> RCS may require access to certain SIM card information, which only pre-installed apps can do
> because they don't want to implement RCS themselves.
Sounds like they can't implement RCS themselves even if they wanted to, not simply that Google doesn't provide an open source implementation? (Referring to app developers here, not custom ROM devs.)
They can't implement RCS for every carrier, but they can implement it for some. Others require nothing more than a network call to a predefined HTTP address over a data connection.
Although Google may dislike it, I don't believe Google's RCS implementation (the one most of the world uses) requires elevated permissions. Their activation sequence is proprietary and closed source, though so I'm not 100% sure.
Just having a base implementation for custom ROMs would be a start. Given that Google will block custom ROMs from RCS in their app (I believe because the spec says to), there is a need for an independent implementation if this makes RCS popular enough under American users.
Someone will have to inventory the activation mechanisms for each carrier to see if there really is a disadvantage. I'd start with mine, but all of the carriers in my country have shut down their RCS servers a decade ago.
I am not familiar with RCS, but considering the plethora of messaging apps available that just work, why did they choose the most complicated way for users to use it? And what do you mean it is not available on every carrier and needs SIM access?
I haven't seen any indication of that at all. There's sort of an API, but it's basically restricted to Samsung's messenger only.
The EU won't get involved unless a significant chunk of the user base uses Google Messenger. I don't think EU users will reach that threshold because most of the EU uses basically any chat app except for SMS/MMS. Things like receiving verification SMS messages still work using the existing API and I have a feeling that that represents the majority of SMS use in the EU.
Executive summary: Epic Games benefits greatly from the DMA, but powerusers and smaller developers don't get much benefit. This is due to Apple's lackluster compliance measures that are currently being investigated and may be deemed illegal.
This is a great site, and thank you for the effort.
One suggestion for an addition to the section on FOSS: Related to the issue of not being able to modify the source of apps we use, we also can't verify that an "open source" app on iOS is built from its claimed source code. We just have to trust the developer. This blocks true auditing of iOS apps for data privacy practices, something we know is needed given that the "privacy labels" are often deceptive https://archive.ph/Ak6qU. As such, this is a data security issue as much as a user freedom issue.
I'll probably end up adding it myself if you don't want to, because it's actually something I wanted to include originally but forgot to.
This is definitely a huge issue with the current implementation of DMA compliance. Apple's mandatory DRM encryption scheme as part of the notarization process doesn't just block reproducible builds and the improved security that those offer, but also means that third party app stores aren't capable of auditing the apps they offer in any way. If Apple lets something slip through their notarization review (which is not an impossibility, since it's happened on the App Store before), then the third party store carrying that app will be unfairly blamed for the incident.
That is listed under "unofficial sideloading methods". A more accurate title would've been "Does iOS support sideloading yet?" but I wanted to keep the domain name as short as possible :)
The Apple Developer program is not intended as an option for end users to enable sideloading on their device, even if that is a side effect of joining it. It is only intended to allow developers to briefly test new builds of their own apps in a limited capacity before uploading them to the App Store (or third party stores in the EU). Apps "installed" this way expire after a certain length of time and you must ask Apple's cloud service for a new certificate each time that happens in order to keep using them. You're still tied to Apple indefinitely this way. If your developer account is terminated for whatever reason, or Apple decides to increase the price such that you can no longer afford your account, then suddenly you no longer have sideloading, and you no longer have access to any of the apps you previously sideloaded.
Therefore, I lump it into the same category as jailbreaking -- yes, you can argue that the existence of that means iOS already has sideloading, but it's not officially supported.
Sidenote: You don't need to spend $100/yr if you want to go the "unofficial sideloading" route; AltStore (Classic) is available for free: https://altstore.io/
> I personally don’t care about alternative app stores
I've seen this sentiment a couple of times here and I think it's the wrong framing on what the EU is trying to do. Third party app stores aren't the point; they're just a vehicle enabling users to choose which software they want to use without interference from Apple. The indie devs using AltStore PAL don't all necessarily want to use it, but they're forced to because of the way Apple chose to implement DMA compliance.
In fact, the DMA doesn't even explicitly require that gatekeepers allow third party app stores; they can only allow direct distribution (e.g. via web sites) instead, if they want (this is to the best of my understanding of the text, but IANAL).
When you say you don't care about alternative app stores, what you're really saying is that you don't care about the end user's ability to use apps that aren't approved by Apple. That is certainly an opinion that many folks have, but I'd prefer that they refrain from hiding behind the shield of "third party app stores are weird and who even cares", whether deliberately or not.
> In fact, the DMA doesn't even explicitly require that gatekeepers allow third party app stores; they can only allow direct distribution (e.g. via web sites) instead, if they want.
Is Apple actually complying with the DMA then? They are still requiring notarization, which means apps still have to be approved by them.
The DMA allows Apple to take "strictly necessary and proportionate" measures to ensure that alternative apps do not "endanger the integrity of the hardware or operating system". IMO iOS notarization (which is a different and more involved process with many more rules than notarization on macOS) goes well beyond that, but it's up to the EU to decide.
Having grown up through ad-bars, Windows malware, email worms and everything else that could go wrong for most people during the late 90s on and not wanting to do IT for my entire extended family, I don’t mind having a popular platform with guardrails. Unfortunately, I think providing non-curated access and opening up platform features that are currently gated by security features to unscrupulous actors will make things worse for more people than it will help. After over 15 years of iPhone use, I’ve never had any of the problems that plague PCs and I attribute a lot of that to a restrictive app distribution model, sandboxing, etc.
End users can (and do!) use apps not approved by Apple on mobile devices every day. They just do it on something that’s not an iPhone (or have the capability to jailbreak their iPhone and know what they’re getting themselves into). Corps and devs can also run custom software without Apple approval. I’m personally fine with that delineation and I’d much rather have stronger GDPR-like and property laws.
Some good points overall, and I think I agree in a lot of ways, actually.
> (or have the capability to jailbreak their iPhone and know what they’re getting themselves into)
It is a common misconception that people can "just" jailbreak their iPhone if they're not happy with the walled garden. This requires someone finding a critical-impact zero day vulnerability in iOS, quite literally worth around half a million dollars [1]. Apple is hard at work as we speak trying their hardest to prevent those from slipping in -- and that is a good thing, in general. It's not currently possible to jailbreak any up-to-date iOS device.
I'm all for sandboxing and other iOS security features; I'm not proposing that we get rid of any of that. Sideloaded apps would presumably still be fully sandboxed, and would still only be able to access sensitive data with explicit user consent. This is very different than the situation on Windows, where in 2025 you can still double click an .exe and instantly have all of your passwords and credit cards stolen (not an exaggeration; this literally happens).
I'm also not against the idea of making it difficult enough to enable sideloading so as to make social engineering attacks against grandma effectively impossible. This is what Chromebooks are doing; nerds get root, but grandma doesn't.
However, the DMA is more concerned with delivering alternative apps to everyone than it is concerned with empowering techies. So I can see why you might not support it even if you want to have a little more control over your phone, as a techie.
It's certainly a shame that piracy is a real factor here :(
It should probably be noted, however, that from what I understand, technically speaking, the only reason that piracy is possible in the first place is due to Apple's failures to prevent jailbreaking? iOS apps are encrypted and you need a jailbreak to decrypt them and redistribute them on shady websites. If Apple finally stomps jailbreaking out for good one day (which they are trying to do), then piracy should become impossible even if sideloading becomes an option.
See also: Xbox One has a developer mode that allows unsigned code execution, but that still doesn't allow for piracy because nobody's hacked the console, so nobody can obtain the game binaries to pirate.
I like piracy as a means to punish these user-hostile practices like vendor-lockin and bait & switch.
That's why I started downloading netflix shows again after they doubled the price (I used to be on the 720p plan and now I'd have to pay more than twice to get ad-free netflix). These companies only care about their bottom line and this is where you can hurt them back the most.
Sorry, I should've clarified that I was asking about whether you had a source for the claim that this legislation will not allow sideloading. I agree regarding the definition!
I just read the article, which like OP says, talks about third-party app stores and not sideloading. If it's anything like EU regulation, then that'll be that.
It uses the word "sideloading" and doesn't appear to have carveouts allowing Apple to block apps for "security" like the EU legislation does. But at the end of the day it really just depends on what their legislators are going to allow Apple to get away with, and Apple will probably attempt bare-minimum compliance at least initially, like they did in the EU.
