Structure of an iOS App Binary (.ipa)

Last updated August 11, 2022 by Appdome

Learn the structure of an iOS App Binary (.ipa)

Appdome is a no-code mobile app security platform designed to secure iOS ipa apps without coding. This Knowledge Base article summarizes what a .ipa file is. An.ipa file is an iOS binary. This is the file format uses to package and distribute iOS mobile apps. The .ipa contains all of the required components in order for the app to successfully run.

All of Appdome’s services can be added to any iOS or Android app instantly, with no code or coding.

We hope you find it useful and enjoy using Appdome!

About .ipa files

iOS applications are bundled in a single file of type ipa (short for iOS App-store Package).

Despite their ipa suffix, these are just regular ZIP files and can be extracted if you modify the suffix to zip.
Since IPA files all have a well defined internal structure, What you’ll find inside is a single folder called, inside of which will be another folder called .app. Besides the Payload folder, you may also find other folders and files, usually for use of iTunes service.

While in a Macintosh (Mac) computer the app folder may look like a file, you can open it by right-clicking and selecting the command Show Package Contents.
Inside you’ll find the following:

  • The Info.plist file
    This is the file that describes the application to the iOS operating system, by using a list of properties. In the example shown in the figure below, one can see many properties such as:

    1. Which files in the .ipa is the icon
    2. Application display name
    3. Version
    4. Unique identifier
    5. Application main executable filename
      structure of an .ipa
  • The application’s main executable
    The main executable contains the code of the application. In essence, this is the application. All the Objective-C and Swift code punched in by your developers is encoded into this file. Just a quick reminder, the executable’s file name is determined by the Info.plist.
    The application file contains within it entitlement information, which is Apple’s name for permissions.
  • External executable libraries
    Other libraries that the main executable use.
  • Frameworks
    This is a folder that contains frameworks used by the application.
    Each framework resides under its own folder called Frameworks/.framework and contains its native code and resources.
    In addition, Swift applications have the Swift runtime libraries directly under the Frameworks folder.
  • Plugins
    Application extensions, executed by the application.
  • Resources
    Documents, images, icons, video and audio files.
  • www
    If the application is a web app, developed with Cordova or React Native for example, the web data will be stored in a folder named www. It may contain web pages, resources, Javascript and CSS files, and so on.
    If such an application is fused with TOTALCode obfuscation enabled, these files (which contain the bulk of the application’s intellectual property) would be encrypted.
  • Nib or storyboard files
    These files describe the UI of the application and how it interacts with it’s logic.
  • Signature information
    iOS verifies all native code elements have not been modified since they were “signed” by the developer/distributer. This includes: the executable, frameworks, libraries, PlugIns (app extensions) and WatchKit.
    The signing process should follow a certain order: WatchKit, PlugIns, Frameworks (and the appdome Framework), Executable and .app folder.
  • Provisioning information (most commonly embedded.mobileprovision)
    This file determines the deployment permissions of the application. The short explanation is that as a developer, you can only install your application on a limited set of devices (so you won’t distribute an application without Apple’s approval). So, unless you published your application to the App Store (or acquired an enterprise code signature), you need to equip your application with a provisioning profile. The provisioning profile is also a plist file, and should be obtained by the developer from Apple’s developer console.
    The provisioning information contains inside it a copy of the application’s entitlements, so as you may understand, you can’t just give an application any permission you want, it must all be “authorized” by apple.

How Do I Learn More?

Check out Appdome article on .apk files or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.


Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.  

Have a question?

Ask an expert

GilMaking your security project a success!