iOS 16 Sideloading Guide: Methods and Limitations
Sideloading on iOS 16: Methods, Changes, and Limitations
iOS 16, released September 2022, brought a customizable lock screen, iMessage editing, Passkeys, and an overhauled Focus system. For sideloaders, it introduced important new security concepts alongside changes to the developer ecosystem. This guide covers every method available on iOS 16, what changed from iOS 15, and how to get the best sideloading experience on any iOS 16 version.
Major iOS 16 Security Changes Affecting Sideloaders
Lockdown Mode
iOS 16 introduced Lockdown Mode — an extreme security configuration designed for high-risk individuals such as journalists, executives, and human rights workers who may be targets of sophisticated state-sponsored attacks. When enabled, it restricts a wide range of iOS features, including certain types of app installation and web browsing capabilities.
Lockdown Mode is disabled by default and must be manually enabled. If sideloading stops working entirely on your iOS 16 device and you cannot identify another cause, check Settings > Privacy & Security > Lockdown Mode. If it is on, temporarily disabling it will restore normal sideloading functionality.
Rapid Security Response (RSR) Updates
iOS 16 introduced RSR — small, rapid patches for critical security vulnerabilities delivered outside of normal iOS update cycles. These updates do not directly affect enterprise certificate validation, but they can occasionally coincide with Apple’s certificate enforcement actions, causing confusion about what changed. If apps stop working after an RSR update, the cause is most likely unrelated certificate revocation rather than the RSR itself.
Passkeys
iOS 16’s introduction of passkeys as a password replacement affected some sideloaded apps that used web-based authentication. Apps with web views that relied on password-based login forms sometimes encountered new prompts or broken flows when iOS 16 introduced passkey-first dialogs. This was an app compatibility issue, not a sideloading restriction per se.
Sideloading Methods on iOS 16
Enterprise Certificate Method (Scarlet iOS — Recommended)
Enterprise-certificate sideloading continued to function flawlessly across all iOS 16 versions. The Scarlet iOS installation flow was unchanged:
- Open Safari and go to scarletios.com.
- Tap the install button and confirm the Safari download prompt.
- Navigate to Settings > General > VPN & Device Management and trust the Scarlet iOS enterprise certificate.
- Open Scarlet iOS, browse the library, and tap to install any app.
AltStore and Sideloadly
These computer-based methods continued working on iOS 16 with their usual constraints: 7-day certificate expiry on free accounts, a desktop computer requirement, and AltServer running persistently in the background for Wi-Fi-based re-signing. A notable change on iOS 16 Windows was that Windows Defender and some third-party antivirus tools became more aggressive about flagging AltServer — a friction point that made many users prefer the certificate-free Scarlet iOS approach.
TrollStore (Limited Device and Version Support)
TrollStore exploited a CoreTrust vulnerability to install permanently-signed apps that never expire and do not require certificate trust. For iOS 16, TrollStore support was limited to specific version ranges on A14 and older chips. Apple patched the underlying vulnerability in iOS 16.2, ending TrollStore support for most iOS 16 users. For the limited subset of users on compatible device-version combinations, TrollStore offered a uniquely robust sideloading experience — but that window closed quickly.
iOS 16 Version Compatibility Summary
| iOS 16 Version | Enterprise Cert (Scarlet iOS) | AltStore / Sideloadly | TrollStore |
|---|---|---|---|
| 16.0 – 16.1.2 | Yes | Yes | A14 and older only |
| 16.2 – 16.4.1 | Yes | Yes | Not supported |
| 16.5 – 16.7.x | Yes | Yes | Not supported |
iOS 16-Specific Sideloading Limitations
- Lock Screen widgets for sideloaded apps: iOS 16 introduced customizable Lock Screen widgets — a new feature requiring App Store distribution with specific WidgetKit entitlements. Sideloaded apps cannot add Lock Screen widgets.
- Stage Manager on iPad: On supported iPads, Stage Manager required apps to declare modern multitasking support. Many older IPA files crashed or refused to enter Stage Manager windows.
- Background execution limits: iOS 16 tightened background execution policies for apps without App Store entitlements. Some enterprise-signed apps experienced reduced background refresh capability compared to iOS 15.
- iCloud features for sideloaded apps: CloudKit, iCloud Drive sync, and iCloud Backup for sideloaded app data were not available — consistent with previous versions.
Troubleshooting iOS 16 Sideloading Issues
- “Unable to Download App” in Safari: Clear Safari cache and cookies in Settings > Safari > Clear History and Website Data, then retry.
- App icon installs but app won’t open: The certificate trust step was likely skipped. Visit VPN & Device Management and confirm trust status.
- Lockdown Mode blocking the install: Temporarily disable Lockdown Mode in Privacy & Security settings.
- App stopped working after Rapid Security Response: This is usually certificate-related rather than caused by the RSR. Reinstall via Scarlet iOS for the latest signed version.
iOS 16 and Security: The Bottom Line
iOS 16 introduced meaningful new privacy tools while leaving enterprise certificate sideloading fully intact. Lockdown Mode is the only iOS 16 feature that can directly block sideloading, and it is off by default. For anyone looking to upgrade from iOS 16, the sideloading improvements in iOS 17 and 18 are worth knowing about — see our iOS 17 Sideloading guide for what changed next.
Wherever you are in the iOS version history, Scarlet iOS has you covered. Download Scarlet iOS and start sideloading on iOS 16 today.