I am curious as to know if i calculate the checksum of an ipa file and upload the same to app store, and then after installing the app on my device, if i extract the ipa file and compare the checksum will it match? or will it vary from device to device, because of bitcode and app thinning slicing? Some banks have been showing ipa file checksums on their websites, and even inside their apps and showing messages like checksum matches! i was just curious as to know how would one go about validating this!? Or is this even possible, what about the checksum of the executable at runtime? Can we check this? will it match?
if i extract the ipa file and compare the checksum will it match?
This question doesn’t make sense because a .ipa is only used to upload your app to the App Store. It has no presence on the device itself.
But regarding the big picture question about checking app integrity, see my reply here.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"