Taking a Bite Out of the Forbidden Fruit: Characterizing Third-Party Iranian iOS App Stores

TL;DR

This study provides a comprehensive analysis of Iranian third-party iOS app stores, revealing their operation, content, and associated security and economic implications amid sanctions and censorship.

Contribution

It is the first detailed empirical characterization of these underground app stores, including their structure, content, and evasion techniques.

Findings

Over 1700 app packages analyzed from three major stores.

Presence of Iranian-exclusive, cracked, and pirated apps.

Documented security risks and potential revenue losses for developers.

Abstract

Due to U.S. sanctions and strict internet censorship, Iranian iOS users are barred from accessing the Apple App Store and developer services. In response, despite violating Apple's developer terms, a thriving underground ecosystem of third-party iOS app stores has emerged to serve Iranian users. This paper presents the first comprehensive empirical study of these clandestine app stores. We document how these stores operate, including their distribution mechanisms, user authentication processes, and evasion techniques. By collecting and analyzing more than 1700 iOS application packages and their metadata from three major Iranian third-party app stores, we characterize the ecosystem's size, structure, and content. Our analysis reveals a significant presence of Iranian-exclusive apps, widespread distribution of cracked apps, unauthorized monetization of paid content, and embedded third-party tracking and piracy libraries. We also uncover a notable overlap among financial, navigational, and social apps that exist solely in this ecosystem, reflecting the unique digital constraints of Iranian users. Finally, we quantify the potential revenue losses for developers due to piracy and document security and privacy risks associated with altered binaries. Our findings highlight how sanctions, censorship, and enforcement gaps have enabled a parallel app distribution ecosystem with complex socio-technical implications.