Cracks in the Walled Garden: Dissecting the Gray-Market of Unauthorized iOS App Distribution via Ad Hoc Sideloading

This restricted-access repository accompanies the study “Cracks in the Walled Garden: Dissecting the Gray-Market Supply Chain of Unauthorized iOS App Distribution via Ad Hoc Self-Signing”. It follows the principles of open science by supporting reproducibility and enabling further research. This repository serves as a supplement to the public repository at https://zenodo.org/records/17850998 which contains only a sample dataset. Here, we provide the complete data collected and used in our analysis. This repository includes data only and does not re-upload the code used in the study. Researchers can obtain the corresponding code from the public repository to reproduce our results and conduct additional analysis. To request access, please click the "Request access" button on the Zenodo page and briefly describe your research purpose. We only approve requests from academic or research institutions. Please use an institutional email address and provide a brief description of your research purpose when submitting your access request. Note that the data provided must be handled responsibly and is strictly for research purposes. It should not be used for personal use or any activities beyond academic research. full_dataset/│├── _README_.md│├── ipas/│ ├── _README_.md│ ├── dylib_counts.txt (aggregated counts of all third-party dylibs extracted from the 2,654 downloadable IPA files)│ └── ipa_all.xlsx (metadata of 8,216 IPA files)│├── sites/│ ├── _README_.md│ ├── 3359_signing_site_all.txt (the URLs of the 3,359 signing sites)│ ├── mobileconfig_all/│ │ └── getudid/ (configuration profiles for obtaining the UDID)│ │ └──provisioning/ (configuration profiles that assist automatic redirection to the Setting)│ └── sld_related_all/│ ├── signingsite_alllink.xlsx (all URLs extracted from the 3,359 sites)│ ├── signingsite_sld.xlsx (the aggregated SLD results for the 3,359 sites)│ ├── sld_mapping.xlsx (the mapping between the SLDs of signing sites and those of their corresponding certificate sites)│ └── sld_whois.xlsx (WHOIS information for the 38 SLDs associated with the signing sites)│└── tools/ ├── _README_.md ├── certificate/ (12 iOS certificate obtained through paid interactions with service providers, each containing .p12 and .mobileprovision) └── tool_ipa/ (12 IPA signing tools obtained through paid interactions with service providers)