What are the file differences between the IPA I created with Xcode, uploaded to the App Store, and the one downloaded to the end user's phone? Does any process other than encryption, re-signing, and app thinning cause changes in these files?
Differences Between Xcode-Built IPA and User-Downloaded IPA
Does any process other than encryption, re-signing, and app thinning cause changes in these files?
My experience is that folks who ask questions like this are building some sort of integrity checking into their app. Is that what you’re doing here?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Yes, You can consider this as an anti-tampering solution. However, I am more interested in acquiring information about the system and extracting analysis.
As far as I can guess, the process is as follows:
Developer side:
- Distribution IPA content contains hash values and necessary rules for the signature under the _CodeSignature folder.
- The Main Executable and other frameworks, libraries are signed, and the signature information is embedded in the Code Signature section.
- The "embedded.provision" file is located within the IPA.
AppStore side:
- (Encryption) The Main executable encrypts a portion of itself and writes this information to the LC_ENCRYPTION_INFO segment.
- (Re-sign) The Main Executable and other frameworks, libraries are re-signed, and the Code Signature section is modified.
- (Deleted) The "embedded.provision" file is deleted.
- For app thinning, Fat MachO files can be made Non-Fat according to the iPhone device. It may omit certain files based on the screen resolution.
Although we may not be able to fully protect all content of the application, we might be able to safeguard specific essential parts.
Sorry I didn’t reply sooner. I wasn’t notified of your response [1].
You can consider this as an anti-tampering solution.
DTS is doesn’t support folks developing anti-tampering solutions [2] because it falls under the general category of DRM. See my reply here.
However, I am more interested in acquiring information about the system
That’s a rocky road, and one that I can’t follow you along. The internal processing done by the App Store isn’t officially documented. Rather, it’s an implementation detail that changes regularly as iOS and the App Store evolve together.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] This has happened a few times recently and I’m still trying to work out why.
[2] We do support folks using App Attest, of course. See Establishing your app’s integrity.