Monday, 17 October 2011

Inspecting Apps (.ipa) files under Microsoft Windows

A friend told me that although the code for iPhone Apps are protected by encryption, other stuffs like music, images, ..etc can still easily accessed from any Microsoft Windows machine. I didn't quite believe it until I check it on a XP machine after synchronised with my iPhone.

No I didn't jailbreak or change anything on the phone - all I have to do is look at the "My Documents\My Music\iTunes\iTunes Media\Mobile Applications" folder and open each of the ".ipa" files using WinZIP or WinRAR. Tried to do the same thing on my Mac but it was blocked.

I quickly browse around, found that one of my favourite game Tiny Tower has a "floor.csv" file with 145 floors defined - I am currently on floor 107, would be interested to see what will happen when I reached the 145 floors limit?

Lots of image and music files are fully exposed. Saw lots of Apps use ".PVR" files instead of ".PNG" or ".JPG" files for images - I just learned that ".PVR" files can be loaded much faster than other formats.

Also saw lots of Apps still have the ".nib" files in there, wonder if all those ".nib" files won't be protected by encryption either?

However, out of all mentioned above, the most shocking thing I found is about an App called "OfficeJerk". As shown below, it seems to be partly written in ".lua" and both the code and the sprite are fully exposed.

Does the name "Lua" sound familiar to you? Yes, I mentioned it in this post when we were talking about this new software called Gideros Studio - all the apps developed in it has to be done in this "Lua" language.

I certainly hope they don't handle your app like whichever compiler/application "Office Jerk" author used to deploy theirs. As it's really un-secure...

So I guess everyone should have a look at what your app might look like before publishing it. Just look at "/Library/Developer/DerivedData/AppName/Products" then check either the debug or release branch and open it with "Show Package Contents" - hope you don't see what you don't expect to see..

No comments:

Post a Comment