Identifying Hybrid iOS Apps from binaries

Recently I had the opportunity to engage in a bit of a research project to examine commonly used app technologies within a specific industry vertical.   It was useful for this exercise to try to coorelate app store ratings to the underlying technologies which were used to the develop the app, specifically with an eye towards hybrid apps, and how they compare to fully native, and Ahead of Time compiled apps. (Xamarin)

It turns out that many example customers with hybrid providers such as Kony or PhoneGap supply are no longer on the platform, at least for the industry vertical I examined.

In any case I wanted to document the process, as I’m sure it could be automated, and it’s always fun to poke around in large corporations apps to see what can be found.   (Occasionally some pretty *interesting* decisions.)

1. From iTunes on your Mac, Download the app in question.

Screen Shot 2015-04-22 at 10.01.16 PMScreen Shot 2015-04-22 at 9.56.15 PM

2. Open your home directory in the finder, open the Music folder, then Mobile Applications and find the new ipa file. (this is for iTunes 12.1…    other versions may have slightly different folder structures.

Screen Shot 2015-04-22 at 9.58.55 PM

3. Rename the .ipa extension to .zip.

Screen Shot 2015-04-22 at 9.59.14 PM

4. Expand the zip file, then Navigated into the Payload directory, right click on the file inside and then Choose “Show Package Contents”  – Sometimes you can learn something about the app just from the File name in the Payload…   for examples some apps showed Mobiliti as the title which turned out to indicate that this was the Saas which had generated the app.

Screen Shot 2015-04-22 at 9.59.58 PM

5. The tell tale sign (in case you couldn’t tell from your app experience is a html or www folder inside the package: )

Screen Shot 2015-04-22 at 10.00.36 PM

In this case we can see that phone gap was used, as well as google analytics, and a bunch of other javascript frameworks to help drive the HTML in the hybrid app.

Another Tell seems to be lack of .xib files in the package.    Lots of .xib files generally means full Native.     Still working on Xamarin detection.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: