diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml
index 75fbaf1..3d64c5d 100644
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -22,7 +22,7 @@ tauri = { version = "2", features = ["devtools"] }
 tauri-plugin-opener = "2"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-idevice = { version = "0.1.57", features = ["usbmuxd", "house_arrest", "afc", "core_device_proxy", "remote_pairing", "tcp", "tunnel_tcp_stack", "xpc", "rsd", "pair"] }
+idevice = { version = "0.1.57", features = ["usbmuxd", "house_arrest", "afc", "core_device_proxy", "remote_pairing", "tcp", "tunnel_tcp_stack", "xpc", "rsd", "pair", "misagent"] }
 isideload = { version = "0.2.22", features = ["fs-storage"] }
 keyring = { version = "3.6.3", features = ["apple-native", "windows-native", "linux-native-sync-persistent"] }
 tauri-plugin-store = "2"
diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs
index b217fe9..c51c456 100644
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -11,6 +11,7 @@ mod secure_storage;
 mod error;
 mod logging;
 mod operation;
+mod refresh;
 
 use crate::{
     account::{
@@ -24,6 +25,10 @@ use crate::{
         delete_stored_rppairing, export_pairing_cmd, has_stored_rppairing, installed_pairing_apps,
         place_pairing_cmd,
     },
+    refresh::{
+        list_sidestore_apps, refresh_all_sidestore_apps_operation,
+        refresh_sidestore_app_operation,
+    },
     secure_storage::{force_disable_keyring, keyring_available},
     sideload::{SideloaderMutex, install_sidestore_operation, sideload_operation},
 };
@@ -126,6 +131,9 @@ pub fn run() {
             force_disable_keyring,
             cancel_pairing,
             has_stored_rppairing,
+            list_sidestore_apps,
+            refresh_sidestore_app_operation,
+            refresh_all_sidestore_apps_operation,
         ])
         .run(tauri::generate_context!())
         .expect("error while running tauri application");
diff --git a/src-tauri/src/refresh.rs b/src-tauri/src/refresh.rs
new file mode 100644
index 0000000..d28ff52
--- /dev/null
+++ b/src-tauri/src/refresh.rs
@@ -0,0 +1,323 @@
+use std::collections::{HashMap, HashSet};
+
+use idevice::{
+    IdeviceService, installation_proxy::InstallationProxyClient, misagent::MisagentClient,
+};
+use isideload::dev::app_ids::AppIdsApi;
+use serde::Serialize;
+use tauri::{State, Window};
+
+use crate::{
+    device::{DeviceInfoMutex, get_provider},
+    error::AppError,
+    operation::Operation,
+    sideload::{SideloaderGuard, SideloaderMutex},
+};
+
+#[derive(Serialize, Clone, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct SideStoreApp {
+    pub name: String,
+    pub bundle_id: String,
+    /// Bundle id stripped of trailing `.<TEAM_ID>` if present.
+    pub base_bundle_id: String,
+    pub team_identifier: Option<String>,
+    pub signer_identity: Option<String>,
+    pub version: Option<String>,
+    /// Whether this app appears to be sideloaded (has a SignerIdentity, not a system app).
+    pub is_sideloaded: bool,
+}
+
+fn get_string(dict: &plist::Dictionary, key: &str) -> Option<String> {
+    dict.get(key).and_then(|v| v.as_string()).map(String::from)
+}
+
+fn extract_team_id(app: &plist::Dictionary) -> Option<String> {
+    if let Some(t) = get_string(app, "TeamIdentifier") {
+        return Some(t);
+    }
+    if let Some(plist::Value::Array(arr)) = app.get("TeamIdentifier")
+        && let Some(plist::Value::String(s)) = arr.first()
+    {
+        return Some(s.clone());
+    }
+    if let Some(ent) = app.get("Entitlements").and_then(|v| v.as_dictionary()) {
+        if let Some(t) = get_string(ent, "com.apple.developer.team-identifier") {
+            return Some(t);
+        }
+        // application-identifier is "<TEAM_ID>.<bundle_id>"
+        if let Some(app_id) = get_string(ent, "application-identifier")
+            && let Some((team, _)) = app_id.split_once('.')
+        {
+            return Some(team.to_string());
+        }
+    }
+    // SignerIdentity often looks like: "iPhone Developer: name (TEAMID)"
+    if let Some(signer) = get_string(app, "SignerIdentity")
+        && let Some(start) = signer.rfind('(')
+        && let Some(end) = signer.rfind(')')
+        && end > start + 1
+    {
+        let candidate = &signer[start + 1..end];
+        if candidate.len() == 10 && candidate.chars().all(|c| c.is_ascii_alphanumeric()) {
+            return Some(candidate.to_string());
+        }
+    }
+    None
+}
+
+fn strip_team_suffix(bundle_id: &str, team_id: Option<&str>) -> String {
+    if let Some(team_id) = team_id {
+        let suffix = format!(".{}", team_id);
+        if bundle_id.ends_with(&suffix) {
+            return bundle_id[..bundle_id.len() - suffix.len()].to_string();
+        }
+    }
+    bundle_id.to_string()
+}
+
+async fn fetch_apps_inner(
+    device_state: &State<'_, DeviceInfoMutex>,
+) -> Result<Vec<SideStoreApp>, AppError> {
+    let device = {
+        let guard = device_state.lock().unwrap();
+        match &*guard {
+            Some(d) => d.clone(),
+            None => return Err(AppError::NoDeviceSelected),
+        }
+    };
+
+    let provider = get_provider(&device.info).await?;
+    let mut inst = InstallationProxyClient::connect(&provider).await.map_err(|e| {
+        AppError::DeviceComsWithMessage(
+            "Failed to connect to installation proxy".into(),
+            e.to_string(),
+        )
+    })?;
+
+    let installed = inst.get_apps(Some("User"), None).await.map_err(|e| {
+        AppError::DeviceComsWithMessage("Failed to list installed apps".into(), e.to_string())
+    })?;
+
+    let mut result = Vec::new();
+    for (bundle_id, app_value) in installed {
+        let Some(app) = app_value.as_dictionary() else {
+            continue;
+        };
+
+        let name = get_string(app, "CFBundleDisplayName")
+            .or_else(|| get_string(app, "CFBundleName"))
+            .unwrap_or_else(|| bundle_id.clone());
+        let signer = get_string(app, "SignerIdentity");
+        let team_id = extract_team_id(app);
+        let version = get_string(app, "CFBundleShortVersionString");
+
+        // SideStore-installed app markers — at least one of these must be present:
+        //  - ALTBundleIdentifier (set by SideStore at install time)
+        //  - a GroupContainers / ALTAppGroups entry referencing AltStore/SideStore app groups
+        //  - UTExportedTypeDeclarations entry with "io.sidestore.Installed.*" identifier
+        let has_alt_bundle_id = app.get("ALTBundleIdentifier").is_some();
+        let has_alt_app_groups = app.get("ALTAppGroups").is_some();
+
+        let group_containers_match = app
+            .get("GroupContainers")
+            .and_then(|v| v.as_dictionary())
+            .map(|d| {
+                d.keys().any(|k| {
+                    k.contains("com.SideStore.SideStore") || k.contains("com.rileytestut.AltStore")
+                })
+            })
+            .unwrap_or(false);
+
+        let utt_exports_sidestore = app
+            .get("UTExportedTypeDeclarations")
+            .and_then(|v| v.as_array())
+            .map(|arr| {
+                arr.iter().any(|entry| {
+                    entry
+                        .as_dictionary()
+                        .and_then(|d| d.get("UTTypeIdentifier"))
+                        .and_then(|v| v.as_string())
+                        .map(|s| s.starts_with("io.sidestore.Installed."))
+                        .unwrap_or(false)
+                })
+            })
+            .unwrap_or(false);
+
+        let is_sidestore_app = has_alt_bundle_id
+            || has_alt_app_groups
+            || group_containers_match
+            || utt_exports_sidestore;
+        if !is_sidestore_app {
+            continue;
+        }
+
+        let base_bundle_id = strip_team_suffix(&bundle_id, team_id.as_deref());
+
+        result.push(SideStoreApp {
+            name,
+            bundle_id,
+            base_bundle_id,
+            team_identifier: team_id,
+            signer_identity: signer,
+            version,
+            is_sideloaded: true,
+        });
+    }
+
+    result.sort_by(|a, b| a.name.to_lowercase().cmp(&b.name.to_lowercase()));
+    Ok(result)
+}
+
+#[tauri::command]
+pub async fn list_sidestore_apps(
+    device_state: State<'_, DeviceInfoMutex>,
+) -> Result<Vec<SideStoreApp>, AppError> {
+    fetch_apps_inner(&device_state).await
+}
+
+async fn refresh_one(
+    device_state: &State<'_, DeviceInfoMutex>,
+    sideloader_state: &State<'_, SideloaderMutex>,
+    bundle_id: &str,
+) -> Result<(), AppError> {
+    let device = {
+        let guard = device_state.lock().unwrap();
+        match &*guard {
+            Some(d) => d.clone(),
+            None => return Err(AppError::NoDeviceSelected),
+        }
+    };
+
+    let provider = get_provider(&device.info).await?;
+
+    // Acquire team + matching app id from the developer session.
+    let mut sideloader = SideloaderGuard::take(sideloader_state)?;
+    let team = sideloader.get_mut().get_team().await?;
+    let dev_session = sideloader.get_mut().get_dev_session();
+
+    let app_ids_resp = dev_session
+        .list_app_ids(&team, None)
+        .await
+        .map_err(AppError::from)?;
+
+    // Find the matching App ID. Apple stores it as "<base>.<team_id>". The
+    // installed app's bundle_id is also "<base>.<team_id>" most of the time,
+    // but we accept exact match against either form.
+    let target_id = app_ids_resp
+        .app_ids
+        .iter()
+        .find(|a| a.identifier == bundle_id)
+        .or_else(|| {
+            app_ids_resp
+                .app_ids
+                .iter()
+                .find(|a| a.identifier.starts_with(&format!("{}.", bundle_id)))
+        })
+        .ok_or_else(|| {
+            AppError::Misc(format!(
+                "Could not find a matching App ID on the developer account for {}. \
+                 The app must have been installed with this Apple ID.",
+                bundle_id
+            ))
+        })?
+        .clone();
+
+    let profile = dev_session
+        .download_team_provisioning_profile(&team, &target_id, None)
+        .await
+        .map_err(AppError::from)?;
+
+    let profile_bytes: Vec<u8> = profile.encoded_profile.as_ref().to_vec();
+
+    drop(sideloader);
+
+    let mut misagent = MisagentClient::connect(&provider).await.map_err(|e| {
+        AppError::DeviceComsWithMessage("Failed to connect to misagent".into(), e.to_string())
+    })?;
+
+    misagent.install(profile_bytes).await.map_err(|e| {
+        AppError::DeviceComsWithMessage(
+            "Failed to install provisioning profile via misagent".into(),
+            e.to_string(),
+        )
+    })?;
+
+    Ok(())
+}
+
+#[tauri::command]
+pub async fn refresh_sidestore_app_operation(
+    window: Window,
+    device_state: State<'_, DeviceInfoMutex>,
+    sideloader_state: State<'_, SideloaderMutex>,
+    bundle_id: String,
+) -> Result<(), AppError> {
+    let op = Operation::new("refresh_sidestore_app".to_string(), &window);
+    op.start("refresh")?;
+    op.fail_if_err(
+        "refresh",
+        refresh_one(&device_state, &sideloader_state, &bundle_id).await,
+    )?;
+    op.complete("refresh")?;
+    Ok(())
+}
+
+#[tauri::command]
+pub async fn refresh_all_sidestore_apps_operation(
+    window: Window,
+    device_state: State<'_, DeviceInfoMutex>,
+    sideloader_state: State<'_, SideloaderMutex>,
+) -> Result<RefreshAllResult, AppError> {
+    let op = Operation::new("refresh_all_sidestore_apps".to_string(), &window);
+    op.start("collect")?;
+
+    let apps = op.fail_if_err("collect", fetch_apps_inner(&device_state).await)?;
+    op.move_on("collect", "refresh")?;
+
+    // Determine team id once (used for filtering apps to refresh).
+    let team_id = {
+        let mut sideloader = match SideloaderGuard::take(&sideloader_state) {
+            Ok(s) => s,
+            Err(e) => return op.fail("refresh", e),
+        };
+        match sideloader.get_mut().get_team().await {
+            Ok(t) => Some(t.team_id),
+            Err(_) => None,
+        }
+    };
+
+    let mut succeeded = Vec::new();
+    let mut failed: HashMap<String, String> = HashMap::new();
+    let mut seen: HashSet<String> = HashSet::new();
+
+    for app in apps {
+        if let (Some(t1), Some(t2)) = (team_id.as_ref(), app.team_identifier.as_ref())
+            && t1 != t2
+        {
+            // Skip apps signed with a different team than the one we're logged into.
+            continue;
+        }
+        if !seen.insert(app.bundle_id.clone()) {
+            continue;
+        }
+
+        match refresh_one(&device_state, &sideloader_state, &app.bundle_id).await {
+            Ok(()) => succeeded.push(app.bundle_id.clone()),
+            Err(e) => {
+                failed.insert(app.bundle_id.clone(), e.to_string());
+            }
+        }
+    }
+
+    op.complete("refresh")?;
+
+    Ok(RefreshAllResult { succeeded, failed })
+}
+
+#[derive(Serialize, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct RefreshAllResult {
+    pub succeeded: Vec<String>,
+    pub failed: HashMap<String, String>,
+}
diff --git a/src/App.tsx b/src/App.tsx
index 85bcd91..0cd379b 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -21,6 +21,7 @@ import { Certificates } from "./pages/Certificates";
 import { AppIds } from "./pages/AppIds";
 import { Settings } from "./pages/Settings";
 import { Pairing } from "./pages/Pairing";
+import { SideStoreApps } from "./pages/SideStoreApps";
 import { getVersion } from "@tauri-apps/api/app";
 import { checkForUpdates } from "./update";
 import logo from "./iloader.svg";
@@ -37,7 +38,7 @@ function App() {
   const [loggedInAs, setLoggedInAs] = useState<string | null>(null);
   const [selectedDevice, setSelectedDevice] = useState<DeviceInfo | null>(null);
   const [openModal, setOpenModal] = useState<
-    null | "certificates" | "appids" | "pairing"
+    null | "certificates" | "appids" | "pairing" | "sidestore_apps"
   >(null);
   const [version, setVersion] = useState<string>("");
 
@@ -168,6 +169,10 @@ function App() {
         event.preventDefault();
         if (!ensuredLoggedIn()) return;
         setOpenModal("appids");
+      } else if (event.shiftKey && key === "r") {
+        event.preventDefault();
+        if (!ensuredLoggedIn() || !ensureSelectedDevice()) return;
+        setOpenModal("sidestore_apps");
       } else if (!event.shiftKey && key === "r") {
         event.preventDefault();
         refreshDevicesRef.current?.();
@@ -240,6 +245,18 @@ function App() {
                 {t("app.manage_pairing_file")}{" "}
                 <span aria-hidden="true">{shortcutLabel("⌘P", "Ctrl+P")}</span>
               </button>
+              <button
+                className="workspace-list-item"
+                onClick={() => {
+                  if (!ensuredLoggedIn() || !ensureSelectedDevice()) return;
+                  setOpenModal("sidestore_apps");
+                }}
+              >
+                {t("app.sidestore_apps")}{" "}
+                <span aria-hidden="true">
+                  {shortcutLabel("⌘⇧R", "Ctrl+Shift+R")}
+                </span>
+              </button>
               <button
                 className="workspace-list-item"
                 onClick={() => {
@@ -416,6 +433,12 @@ function App() {
       <Modal isOpen={openModal === "pairing"} close={() => setOpenModal(null)}>
         <Pairing />
       </Modal>
+      <Modal
+        isOpen={openModal === "sidestore_apps"}
+        close={() => setOpenModal(null)}
+      >
+        <SideStoreApps setOperationState={setOperationState} />
+      </Modal>
     </main>
   );
 }
diff --git a/src/components/operations.ts b/src/components/operations.ts
index 3b5fdb4..957972d 100644
--- a/src/components/operations.ts
+++ b/src/components/operations.ts
@@ -88,3 +88,33 @@ export const sideloadOperation = {
     },
   ],
 };
+
+export const refreshSideStoreAppOperation: Operation = {
+  id: "refresh_sidestore_app",
+  titleKey: "operations.refresh_sidestore_app_title",
+  successTitleKey: "operations.refresh_sidestore_app_success_title",
+  successMessageKey: "operations.refresh_sidestore_app_success_message",
+  steps: [
+    {
+      id: "refresh",
+      titleKey: "operations.refresh_sidestore_app_step_refresh",
+    },
+  ],
+};
+
+export const refreshAllSideStoreAppsOperation: Operation = {
+  id: "refresh_all_sidestore_apps",
+  titleKey: "operations.refresh_all_sidestore_apps_title",
+  successTitleKey: "operations.refresh_all_sidestore_apps_success_title",
+  successMessageKey: "operations.refresh_all_sidestore_apps_success_message",
+  steps: [
+    {
+      id: "collect",
+      titleKey: "operations.refresh_all_sidestore_apps_step_collect",
+    },
+    {
+      id: "refresh",
+      titleKey: "operations.refresh_all_sidestore_apps_step_refresh",
+    },
+  ],
+};
diff --git a/src/locales/en.json b/src/locales/en.json
index 17d70e0..16edb14 100644
--- a/src/locales/en.json
+++ b/src/locales/en.json
@@ -27,6 +27,7 @@
     "section_placeholder": "Placeholder",
     "section_management": "Management",
     "manage_pairing_file": "Manage Pairing File",
+    "sidestore_apps": "SideStore Apps",
     "refresh_devices": "Refresh Devices",
     "certificates": "Certificates",
     "app_ids": "App IDs",
@@ -115,7 +116,16 @@
     "install_livecontainer_step_install": "Sign & Install LiveContainer+SideStore",
     "install_livecontainer_step_pairing": "Place Pairing File",
     "sideload_title": "Installing App",
-    "sideload_step_install": "Sign & Install App"
+    "sideload_step_install": "Sign & Install App",
+    "refresh_sidestore_app_title": "Refreshing App",
+    "refresh_sidestore_app_success_title": "App Refreshed!",
+    "refresh_sidestore_app_success_message": "The provisioning profile was reinstalled successfully.",
+    "refresh_sidestore_app_step_refresh": "Fetch & Install Profile",
+    "refresh_all_sidestore_apps_title": "Refreshing All Apps",
+    "refresh_all_sidestore_apps_success_title": "All Apps Refreshed!",
+    "refresh_all_sidestore_apps_success_message": "Provisioning profiles were reinstalled.",
+    "refresh_all_sidestore_apps_step_collect": "Collect Installed Apps",
+    "refresh_all_sidestore_apps_step_refresh": "Fetch & Install Profiles"
   },
   "certificates": {
     "manage": "Manage Certificates",
@@ -170,6 +180,29 @@
     "refresh_installed_apps": "Rescan Installed Apps",
     "place_all": "Place In All Apps"
   },
+  "sidestore_apps": {
+    "title": "SideStore Apps",
+    "description": "Refresh provisioning profiles for apps installed via SideStore (or any sideloaded app on this device). The app's signature is preserved; only the embedded profile is renewed via misagent. You must be signed in with the same Apple ID used to install the app.",
+    "loading": "Loading installed apps...",
+    "loaded_success": "Installed apps loaded.",
+    "failed_load": "Failed to load installed apps",
+    "none_found": "No sideloaded apps detected on this device.",
+    "name": "Name",
+    "bundle_id": "Bundle ID",
+    "team_id": "Team",
+    "version": "Version",
+    "action": "Action",
+    "refresh": "Refresh",
+    "refreshing": "Refreshing...",
+    "refresh_all": "Refresh All Apps",
+    "refreshing_all": "Refreshing all apps...",
+    "reload": "Rescan Installed Apps",
+    "refreshed_success": "Refreshed {{name}}",
+    "refreshed_all_success": "Refreshed {{count}} apps",
+    "refreshed_all_partial": "Refreshed {{ok}} apps; {{fail}} failed (see logs)",
+    "failed_refresh": "Failed to refresh app",
+    "failed_refresh_all": "Failed to refresh apps"
+  },
   "settings": {
     "anisette_server": "Anisette Server:",
     "custom_anisette_placeholder": "Custom Anisette Server",
diff --git a/src/pages/SideStoreApps.tsx b/src/pages/SideStoreApps.tsx
new file mode 100644
index 0000000..10b38f0
--- /dev/null
+++ b/src/pages/SideStoreApps.tsx
@@ -0,0 +1,266 @@
+import "./Certificates.css";
+import { invoke } from "@tauri-apps/api/core";
+import React, { useCallback, useEffect, useRef, useState } from "react";
+import { toast } from "sonner";
+import { useError } from "../ErrorContext";
+import { useTranslation } from "react-i18next";
+import {
+  refreshAllSideStoreAppsOperation,
+  refreshSideStoreAppOperation,
+  Operation,
+  OperationState,
+  OperationUpdate,
+} from "../components/operations";
+import { listen } from "@tauri-apps/api/event";
+
+export type SideStoreApp = {
+  name: string;
+  bundleId: string;
+  baseBundleId: string;
+  teamIdentifier?: string | null;
+  signerIdentity?: string | null;
+  version?: string | null;
+  isSideloaded: boolean;
+};
+
+type RefreshAllResult = {
+  succeeded: string[];
+  failed: Record<string, string>;
+};
+
+type Props = {
+  setOperationState: React.Dispatch<
+    React.SetStateAction<OperationState | null>
+  >;
+};
+
+export const SideStoreApps = ({ setOperationState }: Props) => {
+  const { t } = useTranslation();
+  const [apps, setApps] = useState<SideStoreApp[]>([]);
+  const [loading, setLoading] = useState<boolean>(false);
+  const [busyBundle, setBusyBundle] = useState<string | null>(null);
+  const loadingRef = useRef<boolean>(false);
+  const { err } = useError();
+
+  const loadApps = useCallback(async () => {
+    if (loadingRef.current) return;
+    const promise = async () => {
+      loadingRef.current = true;
+      setLoading(true);
+      try {
+        const list = await invoke<SideStoreApp[]>("list_sidestore_apps");
+        setApps(list);
+      } finally {
+        setLoading(false);
+        loadingRef.current = false;
+      }
+    };
+    toast.promise(promise, {
+      loading: t("sidestore_apps.loading"),
+      success: t("sidestore_apps.loaded_success"),
+      error: (e) => err(t("sidestore_apps.failed_load"), e),
+    });
+  }, [t, err]);
+
+  const startOperation = useCallback(
+    async (
+      operation: Operation,
+      params: Record<string, any>,
+    ): Promise<any> => {
+      setOperationState({
+        current: operation,
+        started: [],
+        failed: [],
+        completed: [],
+      });
+      return new Promise<any>(async (resolve, reject) => {
+        const unlistenFn = await listen<OperationUpdate>(
+          "operation_" + operation.id,
+          (event) => {
+            setOperationState((old) => {
+              if (old == null) return null;
+              if (event.payload.updateType === "started") {
+                return {
+                  ...old,
+                  started: [...old.started, event.payload.stepId],
+                };
+              } else if (event.payload.updateType === "finished") {
+                return {
+                  ...old,
+                  completed: [...old.completed, event.payload.stepId],
+                };
+              } else if (event.payload.updateType === "failed") {
+                return {
+                  ...old,
+                  failed: [
+                    ...old.failed,
+                    {
+                      stepId: event.payload.stepId,
+                      extraDetails: event.payload.extraDetails,
+                    },
+                  ],
+                };
+              }
+              return old;
+            });
+          },
+        );
+        try {
+          const result = await invoke(operation.id + "_operation", params);
+          unlistenFn();
+          resolve(result);
+        } catch (e) {
+          unlistenFn();
+          reject(e);
+        }
+      });
+    },
+    [setOperationState],
+  );
+
+  const refreshOne = useCallback(
+    async (app: SideStoreApp) => {
+      setBusyBundle(app.bundleId);
+      try {
+        await startOperation(refreshSideStoreAppOperation, {
+          bundleId: app.bundleId,
+        });
+        toast.success(
+          t("sidestore_apps.refreshed_success", { name: app.name }),
+        );
+      } catch (e: any) {
+        toast.error(err(t("sidestore_apps.failed_refresh"), e));
+      } finally {
+        setBusyBundle(null);
+      }
+    },
+    [startOperation, t, err],
+  );
+
+  const refreshAll = useCallback(async () => {
+    setBusyBundle("__all__");
+    try {
+      const result = (await startOperation(
+        refreshAllSideStoreAppsOperation,
+        {},
+      )) as RefreshAllResult;
+      const ok = result?.succeeded?.length ?? 0;
+      const fail = Object.keys(result?.failed ?? {}).length;
+      if (fail === 0) {
+        toast.success(
+          t("sidestore_apps.refreshed_all_success", { count: ok }),
+        );
+      } else {
+        toast.warning(
+          t("sidestore_apps.refreshed_all_partial", {
+            ok,
+            fail,
+          }),
+        );
+        for (const [bid, msg] of Object.entries(result.failed)) {
+          console.error(`Failed to refresh ${bid}: ${msg}`);
+        }
+      }
+    } catch (e: any) {
+      toast.error(err(t("sidestore_apps.failed_refresh_all"), e));
+    } finally {
+      setBusyBundle(null);
+    }
+  }, [startOperation, t, err]);
+
+  useEffect(() => {
+    loadApps();
+  }, []);
+
+  return (
+    <>
+      <h2>{t("sidestore_apps.title")}</h2>
+      <p style={{ marginTop: 0, opacity: 0.8 }}>
+        {t("sidestore_apps.description")}
+      </p>
+      {apps.length === 0 ? (
+        <div>
+          {loading
+            ? t("sidestore_apps.loading")
+            : t("sidestore_apps.none_found")}
+        </div>
+      ) : (
+        <div className="card">
+          <div className="certificate-table-container">
+            <table className="certificate-table">
+              <thead>
+                <tr className="certificate-item">
+                  <th className="cert-item-part">
+                    {t("sidestore_apps.name")}
+                  </th>
+                  <th className="cert-item-part">
+                    {t("sidestore_apps.bundle_id")}
+                  </th>
+                  <th className="cert-item-part">
+                    {t("sidestore_apps.team_id")}
+                  </th>
+                  <th className="cert-item-part">
+                    {t("sidestore_apps.version")}
+                  </th>
+                  <th>{t("sidestore_apps.action")}</th>
+                </tr>
+              </thead>
+              <tbody>
+                {apps.map((app, i) => (
+                  <tr
+                    key={app.bundleId}
+                    className={
+                      "certificate-item" +
+                      (i === apps.length - 1 ? " cert-item-last" : "")
+                    }
+                  >
+                    <td className="cert-item-part">{app.name}</td>
+                    <td className="cert-item-part">{app.bundleId}</td>
+                    <td className="cert-item-part">
+                      {app.teamIdentifier ?? "-"}
+                    </td>
+                    <td className="cert-item-part">{app.version ?? "-"}</td>
+                    <td
+                      className="pairing-place"
+                      role="button"
+                      tabIndex={0}
+                      onClick={() => {
+                        if (busyBundle) return;
+                        refreshOne(app);
+                      }}
+                      style={{
+                        opacity:
+                          busyBundle && busyBundle !== app.bundleId ? 0.5 : 1,
+                        pointerEvents: busyBundle ? "none" : "auto",
+                      }}
+                    >
+                      {busyBundle === app.bundleId
+                        ? t("sidestore_apps.refreshing")
+                        : t("sidestore_apps.refresh")}
+                    </td>
+                  </tr>
+                ))}
+              </tbody>
+            </table>
+          </div>
+        </div>
+      )}
+      <button
+        style={{ marginTop: "1em", width: "100%" }}
+        onClick={refreshAll}
+        disabled={!!busyBundle || apps.length === 0}
+      >
+        {busyBundle === "__all__"
+          ? t("sidestore_apps.refreshing_all")
+          : t("sidestore_apps.refresh_all")}
+      </button>
+      <button
+        style={{ marginTop: "1em", width: "100%" }}
+        onClick={loadApps}
+        disabled={loading || !!busyBundle}
+      >
+        {t("sidestore_apps.reload")}
+      </button>
+    </>
+  );
+};