Repackaging detection

Repackaging means that an attacker can obtain a copy of an application, add malicious functionality such as a keylogger, and then offer it to users who believe that they are using the original application.

Repackaging has also been used by attackers to offer people access to apps which are usually sold through the App Store - either as paid apps or subscription apps - illegally and for free/reduced price. Other common motivations for repackaging are to remove unwanted functionality, or add new functionality to an app (such as cheats to a game).

This type of attack is made possible since Apple has an alternative distribution mechanism apart from the App Store called enterprise distribution.

Repackaged apps which are unsigned or wrongly signed can also be used on e.g. jailbroken devices.

The act of repackaging the application can also be used when attempting to reverse-engineer an application.

App Shielding offers the possibility to detect and react when an application has been repackaged. Furthermore, App Shielding creates a strong binding between the app and App Shielding. With this, the security features provided by App Shielding cannot be disabled by simply removing App Shielding from the app.