Redistribute unsigned iPhone app

Sorry if this is a very late answer, but the question is not closed yet, so I assume you still need an answer. It's a security issue, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think this is a big concern. If they jailbreak, they probably know what they are doing.

To answer the first part of your question, you can use ldid to pseudo-sign your application and then create an itms-services: // link that users click to install. The only caveat in this case is that the iOS device will contact oscp.apple.com and ax.init.itunes.apple.com to verify the app signature. If you want to work around this, you will have to change the DNS settings of the iOS device using a mobile config file. Do this using the Apple iPhone Configuration Utility, which will generate a .mobileconfig with the settings you specified. You don't have to create a specific file for each device, so you can make one and you're done.

Anyway, back to the topic, jailbreaking doesn't eliminate the need for code coding, it removes the need to sign the app with Apple certificates. itms-services: // is a workaround (for developers) of the same "necessity". Since Apple clearly doesn't want people who are not developers to just sign apps that Apple doesn't approve and don't install, they've implemented certificate checks. The signing certificate is cross-validated with two Apple servers. One of the servers (I don't know which one) checks "iPhone Developer:" for the certificate name. Another verifies that it was signed with the Apple WWDRCA certificate. If the iOS device receives a response from any of the servers, the application is "bad". If the iOS device doesn't receive a response, it will install the app anyway.

The workaround for this should be to clone the DNS server and create a specific entry that will change the IP address of these two servers to something (something). Thus, the device will not receive a response and will install the app.