New App Signing Methods Coming to iOS in 2026

App Signing: The Foundation of iOS Security and Sideloading

Every change to how iOS handles app signing has profound implications for the entire sideloading ecosystem. Apple’s code signing system — the mechanism by which iOS verifies that an app comes from a trusted source and has not been tampered with — is simultaneously the foundation of iOS security and the primary technical barrier to app freedom. In 2026, significant changes to this system are on the horizon, driven by both regulatory requirements and Apple’s own security engineering roadmap.

Understanding these changes is essential for anyone who cares about sideloading — from casual users to developers to the teams behind tools like Scarlet iOS. This article covers what is changing, what is staying the same, and what it all means in practice. For background on how current signing works, our guide on how to re-sign IPA files for sideloading provides a solid foundation.

What Is Changing: Overview

Several distinct changes to iOS app signing are expected or already underway in 2026:

  1. New certificate types for Alternative Marketplace operators
  2. Notarization cryptographic enhancements
  3. Changes to on-device certificate validation
  4. Longer-lived development certificates for free Apple IDs (under regulatory pressure)
  5. New signing methods for web distribution apps

New Certificate Types for Alternative Marketplace Operators

The introduction of Apple’s Alternative Marketplace framework required Apple to create new certificate types that could differentiate Alternative Marketplace apps from both App Store apps and traditional enterprise-signed apps. In 2026, these certificate types are being refined and expanded.

Marketplace Operator Certificates

Alternative Marketplace operators receive a special class of certificate that allows them to sign apps distributed through their store without those apps being subject to all App Store guidelines. These certificates are issued through a new Apple developer portal section specifically for marketplace operators and have different attributes from standard developer certificates:

  • They include a special extension indicating the marketplace operator’s identity and authorization level
  • They are tied to the operator’s legal entity, not just an individual or team
  • They include embedded notarization tickets that are verified during installation
  • They expire annually and must be renewed through Apple’s portal

App-Level Signing Tokens

A new concept being introduced in 2026 is per-app signing tokens — cryptographic receipts issued by Apple’s notarization service that attest to a specific version of a specific app having passed notarization checks at a specific time. These tokens are embedded in the IPA and verified by iOS during installation alongside the certificate. Even if an operator’s certificate is valid, an app without a valid notarization token will be rejected on up-to-date iOS versions in regulated markets.

Notarization Cryptographic Enhancements

Apple’s notarization service is upgrading its cryptographic infrastructure in 2026, transitioning from its current signature scheme to a more robust system based on modern elliptic curve cryptography. The practical implications for users and developers are:

  • Notarized apps will receive a new format of stapled ticket that is smaller and faster to verify on-device
  • The notarization API is being updated with new endpoints — developers and marketplace operators will need to update their tooling
  • Revocation of notarization tokens will work differently, with Apple able to revoke individual app tokens without affecting the broader certificate chain

On-Device Certificate Validation Changes

Currently, iOS validates app certificates primarily at installation time, with periodic online checks for enterprise certificates. A significant change coming in iOS 18.4 and being expanded in iOS 19 is a shift toward more continuous online validation for certain certificate types:

OCSP Expansion

Apple is expanding use of OCSP (Online Certificate Status Protocol) to validate more certificate types more frequently. This is primarily aimed at enterprise certificates used for public distribution (the type that powers many sideloading tools). More frequent OCSP checks mean that revoked certificates will stop working on all devices faster, rather than continuing to work until the next scheduled check.

Offline Grace Periods

To avoid breaking apps when users are offline, Apple is implementing grace periods for OCSP validation failures — if a device cannot reach Apple’s OCSP servers, apps will continue to work for a defined period (currently proposed at 48-72 hours) before being blocked pending validation.
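A minimal model of the revocation check with an offline grace period, as described above. This is an added example, not Apple's implementation or code from this article: the `Status`, `Check` and `launch_decision` names, the 48-hour default and the handling of a future-dated cache entry are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional, Tuple

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"

@dataclass(frozen=True)
class Check:
    status: Status   # what the responder answered
    at: datetime     # when the device received that answer

GRACE = timedelta(hours=48)  # assumption: lower end of the proposed 48-72 h

def launch_decision(now: datetime, cached: Optional[Check],
                    fresh: Optional[Status], grace: timedelta = GRACE
                    ) -> Tuple[bool, str, Optional[Check]]:
    """Return (allow, reason, cache to keep); fresh=None means unreachable."""
    if fresh is not None:                     # online: the live answer wins
        allow = fresh is Status.GOOD
        return allow, "validated" if allow else "revoked", Check(fresh, now)
    if cached is None:                        # offline and never validated
        return False, "pending-validation", None
    if cached.status is Status.REVOKED:       # going offline never un-revokes
        return False, "revoked", cached
    age = now - cached.at
    if age < timedelta(0):                    # entry dated in the future cannot
        return False, "pending-validation", cached  # be aged, so it is not trusted
    if age <= grace:                          # inside the offline grace period
        return True, "grace", cached
    return False, "pending-validation", cached

def simulate():
    """Constructed timeline: validated, offline for two days, revoked on reconnect."""
    t0 = datetime(2026, 1, 1, 12, 0, tzinfo=timezone.utc)
    events = [(0, Status.GOOD), (24, None), (47, None),
              (49, None), (50, Status.REVOKED), (51, None)]
    out, cache = [], None
    for hours, fresh in events:
        now = t0 + timedelta(hours=hours)
        allow, reason, cache = launch_decision(now, cache, fresh)
        out.append((hours, allow, reason))
    return out

if __name__ == "__main__":
    for row in simulate():
        print(row)
```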

Longer-Lived Development Certificates for Free Apple IDs

This is the change many users are most interested in. Under pressure from regulators and developers, Apple is being asked to extend the 7-day certificate lifespan for apps signed with free Apple ID development certificates. The current 7-day limit is widely seen as an arbitrary friction mechanism rather than a genuine security requirement.

Reports indicate Apple is considering extending this to 14 or 30 days, particularly for EU users where regulatory requirements mandate a minimum viable level of alternative distribution functionality. Tools like AltStore, which rely on free Apple ID signing, would benefit significantly from even a doubling of the certificate lifespan.

For tools like Scarlet iOS that use their own certificate infrastructure rather than user Apple IDs, this change has less direct impact — but it is a positive signal that Apple is beginning to relax the most arbitrary restrictions on developer certificate use. See our comparison of Apple Developer accounts vs free sideloading for more context on why certificate lifespan matters.

New Signing Methods for Web Distribution Apps

Apps distributed directly from developer websites (Apple’s “web distribution” feature, currently EU-only) use a specialized signing flow that differs from both traditional development signing and App Store signing. In 2026, this flow is being updated with:

  • A streamlined certificate request process for qualifying developers
  • Support for incremental app updates that only download changed components rather than the full IPA
  • Integration with Safari’s download manager for better installation UX
  • New entitlements specifically designed for web distribution that limit what the installed app can access (a compromise between full development entitlements and the more restricted App Store sandbox)

Impact on Scarlet iOS and Third-Party Signing Tools

Each of these changes requires adaptation from the developers of sideloading tools. The Scarlet iOS team monitors iOS signing changes closely and has a track record of maintaining compatibility through major iOS updates. Here is how the 2026 changes are expected to affect Scarlet:

OCSP Expansion

Scarlet’s certificate rotation system will need to be updated to account for faster revocation. The predictive pre-rotation system mentioned in our Scarlet iOS 2026 roadmap is designed specifically to stay ahead of this kind of change.

New Certificate Types

As Apple introduces new certificate categories for Alternative Marketplace operators, Scarlet iOS will evaluate whether any of these provide a path to more stable long-term operation while maintaining the same level of user capability.

Cryptographic Updates

The transition to new cryptographic schemes in notarization affects primarily Alternative Marketplace-distributed apps. For Scarlet’s core certificate-based installation method, the cryptographic fundamentals remain compatible with current approaches.

What Developers Need to Do

If you are an app developer who distributes through any channel other than the standard App Store, action items for 2026 include:

  • Update your signing toolchain to support the new notarization API endpoints when they go live
  • Test your apps against iOS 18.4+ beta to verify compatibility with expanded OCSP checks
  • If you qualify for web distribution, explore the new streamlined certificate request process
  • Review your entitlements to ensure compatibility with the new web distribution entitlement restrictions

Conclusion

The evolution of iOS app signing in 2026 reflects the tension between Apple’s desire for control and regulatory requirements for openness. Each change is carefully designed to meet the minimum letter of regulatory requirements while preserving as much of Apple’s gatekeeping capability as possible. The third-party sideloading community — and tools like Scarlet iOS — will continue to adapt, as they always have.

The bottom line for users: Scarlet iOS will continue to work, and it will continue to be updated to stay ahead of iOS changes. Download Scarlet iOS today and join the community that stays one step ahead of every iOS update.
