Empowering iOS Devices with True Sideloading Capabilities: A Detailed Installation Guide and User Manual for TrollStore
Sideloading simply means bypassing the official app store to install applications directly from other sources, a common practice on Android phones, which is why we often say that Android offers high playability. But is there a way to enable sideloading on iOS devices as well, to enhance their playability?
The answer is yes. Tools like AltStore and Sideloadly can achieve iOS sideloading by re-signing apps with developer accounts. Apple allows developers to install any app on iOS devices, but this “officially allowed” method of sideloading comes with downsides: for instance, free developer accounts only let apps run for 7 days before a re-sideload is needed, and you can only install up to three apps simultaneously; paid developer accounts allow apps to last a year without these limitations, but at a cost of $99 per year, which is significant for most users. There are numerous other limitations, which you can read about in the FAQs of the aforementioned sideloading tools.
These “officially allowed” methods of sideloading come with various drawbacks and restrictions, which isn’t true freedom in sideloading.
It’s time to introduce TrollStore, our main character here, which exploits an AMFI/CoreTrust bug in iOS to permanently install any app. However, the exploit is only enough to install “system” applications, which grants these apps more permissions than typical user-installed apps, though less than what’s available through jailbreaking. Apps like SeaShell can be installed via TrollStore, offering capabilities such as remote access, device control, and sensitive information extraction.
A word of caution: using TrollStore to install apps (IPA) carries significant risks. It’s recommended to use a spare iOS device for installing TrollStore and to avoid storing sensitive information on it. Additionally, devices with TrollStore installed should not be updated, as system updates will disable TrollStore and further reduce the device’s security.
Introduction to Installing TrollStore
The installation method is referenced from: https://ios.cfw.guide/installing-trollstore/. The installation process varies by device and system version. For instance, my device, an iPad mini 6 running iOS 16.4.1, can install TrollStore using TrollInstallerX as seen in the tutorial below.
The installation method for TrollInstallerX is detailed here: https://ios.cfw.guide/installing-trollstore-trollinstallerx/. This tutorial uses the Sideloadly tool to sideload it onto an iOS device, though other sideloading tools can be used as desired.
Installing Sideloadly
The installation process is detailed at https://sideloadly.io/.
-
Install iTunes and iCloud (only necessary on Windows; macOS users can skip this step). It’s important to uninstall any Microsoft Store versions of iTunes and iCloud first, then install the non-Microsoft Store versions.
Download links: iTunes x64, iTunes x32, and iCloud
-
Install Sideloadly, which will require administrator permissions.
Windows version download links: Sideloadly x64, Sideloadly x32; macOS version download link: Sideloadly
Installing TrollInstallerX onto an iOS Device
First, download TrollInstallerX from the latest release here: https://github.com/alfiecg24/TrollInstallerX/releases/latest. The download yields a TrollInstallerX.ipa file.
An aside: When I was downloading on the Windows system, it was detected as a virus by Microsoft Defender. Even after I chose “Allow on device”, I still couldn’t see the downloaded file. I wasn’t sure why, so I turned off “Real-time protection” and was then able to successfully download TrollInstallerX.ipa.
-
Launch Sideloadly and connect your iOS device to the computer. Your device will appear under iDevice. You must also select “Trust” in the “Trust This Computer” prompt that appears on your iOS device. If you do not trust the computer, the sideloading installation of TrollInstallerX will fail
-
Click the “IPA icon” and select the TrollInstallerX.ipa file you downloaded
-
Enter your Apple ID (only sent to Apple’s servers for authentication, use a secondary account if concerned)
-
Click “Start” button
-
In the Apple ID Authentication popup, enter your password and click “OK” button
-
“Done.” appears indicating the sideload install is complete
Running TrollInstallerX on an iOS Device
-
You’ll find the TrollInstallerX app icon on your iOS device’s main screen
-
At this time, the app cannot be opened because the developer has not yet been trusted. The detailed steps to trust the developer are:
-
Open “Settings” app, navigate through: General → VPN & Device Management → <Your Apple ID>,
arrive at the following screen and tap ‘Trust “<Your Apple ID>”’
-
In the popup, tap “Trust”
-
-
For devices on iOS 16.0 to 16.6.1, “Developer Mode” needs to be enabled:
-
Open “Settings” app, go to: Privacy & Security → Developer Mode,
see the following screen and tap to enable “Developer Mode”
-
In the popup, click “Restart”
-
After reboot, confirm by clicking “Turn On” in the popup that appears
-
-
Return to the home screen, open the TrollInstallerX app, and click “Install TrollStore”
-
During installation, a “Persistence helper” popup appears. Choose the “Tips” app or another unused app, as this system app will be injected as a persistence helper. In some cases (see details here), TrollStore and all apps installed through it revert to “user” status and will not launch unless re-registered as “system” apps using the persistence helper
-
After successful installation, a “TrollStore” app icon appears on the desktop
-
Open the TrollStore app, which will automatically download and install Idid. At this point, TrollStore is successfully installed
TrollStore IPA Resources
TrollStore-IPAs: This GitHub repository collects a treasure trove of IPA sources compatible with TrollStore.
A reminder again that using TrollStore to install apps carries risks.
Using TrollStore
Installing Apps (IPA)
First, let’s introduce how to install applications, which is the primary purpose of installing TrollStore. To let TrollStore install, just open the IPA file. Here are two methods, the first involves direct download in the browser:
-
In Safari, after downloading an IPA file → click the downloaded file → click the share button → in the share menu, select TrollStore
-
After jumping to TrollStore, an installation popup appears, click “Install” and the app will be installed shortly
Another method involves using AirDrop:
-
On another Apple device, select an IPA file and AirDrop it to the iOS device with TrollStore. On the iOS device, a receiving popup will appear, click “Accept” then in the “Open with” popup, select “TrollStore”
-
Then, as with the previous method, click “Install”
Uninstalling Apps
The next most common task is uninstalling apps. Officially, apps installed from TrollStore must be uninstalled from TrollStore itself, according to the documentation:
Apps installed from TrollStore can only be uninstalled from TrollStore itself, tap an app or swipe it to the left in the ‘Apps’ tab to delete it.
However, I’ve found that the usual iOS method of long-pressing on the home screen and clicking “Remove App” also seems to work, removing the app from both the device and the TrollStore app list. Despite this, it’s recommended to uninstall via TrollStore, as it likely removes additional residual files.
To uninstall using TrollStore: long-press an app in the app list and click “Uninstall App” or swipe left on an app and click “Delete” as shown in the images below:
JIT-Related
Some game emulators require JIT compilation to speed up performance, and some even need JIT to function properly. In the TrollStore 2.0.12 update, the “Open with JIT” feature was added, see details here, which allows apps to enable JIT in sandbox mode, not just in non-sandbox mode as before. To use this feature, long-press an app in the app list and click “Open with JIT” as shown in the image below:
Additional updates on using TrollStore may follow periodically.