Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do third party iOS AppStores (tongbu,sibche, etc.) sign & install Apps?

I've recently evidenced a set of third party illegal appstores that re-distibute iOS apps. These online stores are able to install free Appstore apps (i.e. Facebook, Google Map, etc.) or their own apps on non-jailbroken devices. Regarding the fact that Apple forbids third-party stores, I just want to know how these apps are signed to be installed on Apple devices? Does these Apps first jailbreak the device?

Does apple allow changing/updating the Signature of an app?

Update: It seems that these Apps are installed on the device by a certificate generated by an enterprise developer license, so it can be installed on any device without any limitations. But I cannot understand how these AppStores install those Apps that are available on Apple AppStore, like Facebook !!!

Update 2: Is it possible to get the .ipa file of an application hosted on AppStore? i.e. Facebook? If possible, can it be resigned?

Update 3: These are the certificates installed. Obviously one of them is fake, unverified but at the same time can install apps without the need to jailbreak. The profile to be installedThe certificate & challenge

Update 4 I think the Q/A at this link on SO does not reply to my Q as well. If the tongbu signs the apps using an enterprise license, is it really possible to get an enterprise license for each app?

like image 956
Gupta Avatar asked Jan 11 '14 06:01

Gupta


1 Answers

The apps are most likely re-signed with the developers (person creating these so called "cracked apps" own distribution certificate. They will purchase the real app, extract the IPA file, and then re-sign it. These legally signed apps are then uploaded to a website and then downloaded by the user or distributed by some other means. iOS treats these like regular signed apps and doesn't check with the App Store because they were never uploaded. This allows downloading of cracked apps on a non-jailbroken iDevice. Jailbreaking eliminates the need for code-signing. The distribution certificate is normally used for companies wanting to distribute an app designed specifically for their working environment with no need to upload to the App Store. Distributing and using a developer's certificate in this way of making cracked apps of course violates Apple's policies and those certificates will be voided as soon as Apple finds out but that can take a very long time.

EDIT: There seems to be some confusion as to how App Store apps are being installed for free on devices. This process requires jailbreaking but only to create the ipa, installing it is done automatically on the device by iOS. Whoever is uploading the apps goes through this process:

  1. They first download the target app from the app store and install it on their device.
  2. They then copy over the .app from their iDevice to their computer through various file explorers or other means.
  3. They create a folder called Payload and put the .app inside.
  4. They zip up the Payload folder
  5. They rename the zipped file with a .ipa extension.
  6. This .ipa file is then resigned with a distribution certificate through iResign or terminal and then uploaded to the internet.
  7. When a user downloads a .ipa file, iOS automatically installs it if it was signed correctly.

I hope this clears up any confusion. Also, if they are uploading their own app they made in xcode, they can simply use xcode to do it by archiving it first (Product>Archive) with their distribution certificate and Ad-hoc provisioning profile selected to code-sign then opening organizer, going to archives and clicking distribute. Finally they choose Save for enterprise or Ad-Hoc Deployment which automatically makes an ipa ready for upload.

like image 72
Milo Avatar answered Sep 29 '22 07:09

Milo