Sideloaded apps stay installed only as long as their signing certificate is valid, and iOS quietly checks that validity against Appleās servers. When a check goes through and the certificate has been pulled, the app stops opening. RevokeGuard sets up a DNS profile that keeps those checks from completing, so apps you installed outside the App Store keep running.
Inside the shortcut
RevokeGuard installs a DNS configuration profile that points your deviceās certificate-verification lookups at a server built to swallow them. Instead of letting iOS reach Appleās revocation endpoints, the profile isolates that traffic, which is the ānetwork isolationā the description refers to. Your sideloaded appās certificate never actually changes. Instead, your device simply stops getting told itās been revoked, which is enough to keep the app launching.
You also get a choice of DNS provider. The shortcut ships with two options, and you pick whichever one you prefer when you run it.
Adding it to your iPhone
- Tap Add Shortcut on this page to bring it into your Shortcuts library.
- Run RevokeGuard and pick one of the offered DNS providers when prompted.
- iOS will hand you a configuration profile to install. Open Settings, then VPN & Device Management, and tap the profile to add it.
- Set that DNS profile as your active configuration under Settings > General > VPN, DNS & Device Management (the exact path varies slightly by iOS version).
Using it day-to-day
Once the profile is active you mostly leave it alone. DNS keeps working in the background, blocking the verification traffic that would otherwise revoke your apps. Thereās nothing to open or tap each morning.
The one moment that needs your attention is installing a new sideloaded app. Trusting a fresh certificate uses the same verification path the profile is blocking, so you may need to switch your DNS back to Automatic, trust the app, then switch RevokeGuardās profile back on. RevokeGuard bundles two providers precisely because one can behave differently from another, and swapping between them is a quick fix when a particular app refuses to verify.
When it helps
- Keeping an emulator, tweaked client, or other sideloaded IPA running past the point Apple would normally revoke it.
- Holding a free seven-day signing certificate usable for its full window without an early cutoff.
- Switching to a second DNS provider when the first one stops blocking revocations for a specific app.
- Running self-signed utilities that you re-sign yourself and donāt want interrupted mid-week.
What it canāt do
RevokeGuard is preventative, not a repair tool. It cannot bring back an app thatās already been revoked. If an app died before you set the profile up, youāll need to re-sign and reinstall it, after which the DNS keeps the new install alive. Blocking certificate checks is also a blunt instrument, so if something unrelated to sideloading starts misbehaving, toggling back to Automatic DNS is the first thing to try.
Quick answers
Is RevokeGuard actually free?
RevokeGuard and both bundled DNS providers cost nothing. Youāre using public anti-revoke DNS servers, not a paid subscription, so thereās no account or card involved.
My app got revoked yesterday. Will this undo that?
Unfortunately no. Once a certificate is revoked the app is already dead, and a DNS profile canāt reverse it. Reinstall or re-sign the app first, and RevokeGuard will protect that fresh copy from the next round of revocation checks.
Why does the shortcut offer two different DNS providers?
Anti-revoke DNS isnāt uniform. A server that blocks revocations cleanly for one certificate may miss another, so having Michelleās DNS and KhoinDVNās DNS on hand lets you switch if one stops covering a particular app.
