Does Apple modify iOS application executables on apps submitted to the App Store?

Question

Is an app\'s executable file byte-for-byte identical when the app is purchased through the App Store and installed on a user\'s iPhone, compared to the original executable f

Answer 1

The application executable is encrypted by Apple when released on the App Store, so self-running a checksum on your own binary is not a good idea —you cannot know the file size of the encrypted binary in advance—.

Mind you, the binary always remains encrypted in the file system, and only the iPhone root user can decrypt these binaries. If you download an app from the App Store with iTunes, you can open the IPA on your PC or Mac and see that the binaries are indeed encrypted by running otool:

otool -l <app binary> | grep cryptid
crypt id 1
(a value of cryptid 1 means the app is encripted)

otool -l <app binary> | grep cryptsize
12345678
(size of the encrypted segment)

Answer 2

The application is also stripped of your signature and signed by Apple. This can be verified by running "codesign -vvvvd" on the app binary you submit and comparing it to the output of "codesign -vvvvd" of the app binary you download from the store.

Because of this the hashes will not match.