What are you actually getting when you’re downloading an app from the App Store?
As an example I’m using my own (free) app Local Storage. Apart from legal reasons this also has the benefit that I can compare the findings with the actual source code that I have available.
The same process can of course be applied to any app, but it might leave you guessing at some point and might not be 100% legal.
As of writing I am running macOS High Sierra 10.13.3, iTunes 12.7.3, Configurator 2.6.1 and Xcode 9.2.
Internally, the App Store distributes iOS apps as *.ipa archives.
But it’s not so easy to actually get a download link. The web version of the App Store doesn’t contain it. And of course there’s no way to obtain that info from the App Store app on your device.
In previous versions of iTunes it was possible to browse and download apps (for later sync/installation to your device). The files were saved to ~/Music/iTunes/Mobile Applications/*.ipa. However with version 12.7.0 all App Store related features got removed. This is not to be confused with backups by the way, it’s still possible to create and restore *.ipsw files. And while it’s possible to downgrade to 12.6.3.6 (the last version with App Store functionality) it is generally not recommended.
Instead install Apple’s official tool Configurator 2 from the Mac App Store. That program is supposed to be used for managing multiple devices in a corporate or education setting and has a bit of a weird interface when just connecting one device.
*.ipa file gets deleted before you have a chance of copying it out
cd ~/Library/Group\ Containers/K36BKF7T3D.group.com.apple.configurator/Library/Caches/Assets/TemporaryItems/MobileApps/
cd downwards
ls finally shows an *.ipa file
cp Local\ Storage\ 1.2.3.ipa ~/Downloads/
Just like with downloading it was also possible to use iTunes to install *.ipa files to your device. Version 12.7.0 removed this feature too.
Again Apple’s tool Configurator 2 comes into play.
*.ipa file
Apparently it’s also possible to use third party software like iFunbox, Diawi or iTools for this purpose. No idea if those can be trusted and still work.
Good news: An *.ipa file is just a renamed *.zip file. Change the extension and extract.
iTunesArtwork
*.jpg file without the extension
iTunesMetadata.plist
*.ipa file
META-INF/com.apple.FixedZipMetadata.bin
META-INF/com.apple.ZipMetadata.plist
*.ipa was created (the zip command used, permissions, uncompressed file size)
Payload/localstorage.app
*.app files for macOS Finder hides this fact from the user
A plist file with the extension *.mobileprovision is not contained in what I got from Configurator 2.
security cms -D -i {path-to-provisioning-profile}.
*.ipa file.
Some basic info can be shown via codesign -dvvv {path-to-*.app}. Things like the certificate date or the UUID of the app are missing here though.
Untested: The command line tool Nomad (Shenzhen) apparently is able to show a bit more when running ipa info {path-to-*.ipa}.
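As an added example (not code from the original post), the following Python code inventories an *.ipa as a zip archive without extracting it: it reports the top-level entries listed above, the *.app bundle under Payload/, whether a *.mobileprovision is present, and any entry paths that would land outside the extraction directory. The sample archive, its file contents and the plist key are constructed for illustration.

```python
import io
import plistlib
import zipfile


def build_sample_ipa() -> bytes:
    """Constructed sample archive mirroring the layout above (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("iTunesArtwork", b"\xff\xd8\xff\xe0constructed-jpeg-bytes")
        # Constructed plist content; the key name is an assumption for the demo.
        z.writestr("iTunesMetadata.plist", plistlib.dumps({"itemName": "Sample App"}))
        z.writestr("META-INF/com.apple.ZipMetadata.plist", plistlib.dumps({}))
        z.writestr("Payload/sample.app/sample", b"constructed-executable")
    return buf.getvalue()


def inspect_ipa(source) -> dict:
    """Inventory an *.ipa (path or file object) without extracting it to disk."""
    with zipfile.ZipFile(source) as z:
        names = z.namelist()
        report = {
            "top_level": sorted({n.split("/")[0] for n in names}),
            # Every directory directly below Payload/ that ends in .app
            "app_bundles": sorted({n.split("/")[1] for n in names
                                   if n.startswith("Payload/")
                                   and n.split("/")[1].endswith(".app")}),
            "provisioning_profiles": [n for n in names
                                      if n.endswith(".mobileprovision")],
            # Entries that would land outside the target directory on extraction
            "unsafe_paths": [n for n in names
                             if n.startswith("/") or ".." in n.split("/")],
            "artwork_is_jpeg": None,
            "metadata": {},
        }
        if "iTunesArtwork" in names:
            # JPEG files start with the bytes FF D8 FF
            report["artwork_is_jpeg"] = z.read("iTunesArtwork")[:3] == b"\xff\xd8\xff"
        if "iTunesMetadata.plist" in names:
            report["metadata"] = plistlib.loads(z.read("iTunesMetadata.plist"))
    return report


if __name__ == "__main__":
    for key, value in inspect_ipa(io.BytesIO(build_sample_ipa())).items():
        print(f"{key}: {value}")
```

To run it against a real file, pass the path of the copied *.ipa to inspect_ipa() instead of the constructed sample.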
This concludes Part 1 of 3 of my series on analyzing iOS apps.
Part 2 will be about the content of the *.app directory, and Part 3 will look into the Unix executable. These are not ready yet, but will be linked here later.
Did I get something wrong or do you have questions? Drop me a mail.