Is there a way to check your app signature to verify if any one has tampered with the ipa file. I want to know specifically how to determine and handle this type of situation. How can i do a check for this in code(swift).
Basically i want to have a check on our side to know if my app has been tampered with or not.
The supported way to do that is with App Attest.
The path you’re going down is not supported by DTS. There are two reasons for this:
-
Anti-tamper protection is a form of DRM, and DTS does not support DRM [1] development in general. Any DRM system involves a trade-off between effectiveness and compatibility: The more effective your system is, the less likely it is to be compatible in the long term. DTS falls on the compatibility side of this divide, and so we don’t support DRM.
-
In this specific situation, Apple regularly transforms your app during the distribution process. For example:
- Re-signing the app
- Adding the App Store’s own DRM
- App thinning
- Applying bitcode
Some of these you can avoid but not all of them, and Apple reserves the right to add more as time goes by. There’s no supported way to distinguish Apple’s valid tranformations from tampering.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Well, non-Apple DRM. We do support various aspects of FairPlay.