How to figure out which 3rd Parties might be integrated with an iOS App?

In the past couple of months I built out scraping for Android apps, which downloads, decompiles, and scrapes the `AndroidManifest.xml`, then analyzes the Android app for known 3rd party ad networks or trackers.

I enjoyed this a lot, but the other half of the equation, iOS, remained elusive. I was surprised how much more difficult this turned out to be, so I’ll document a bit of what I did in case it helps anyone else.

How to tell which 3rd party ad networks or trackers are in Apple iOS apps?

First, what is the most analogous file I could find to AndroidManifest? Turns out this is the Info.plist but the similarities with AndroidManifest don’t go far. In terms of 3rd party integrations, it does not seem like most make an appearance in the Info.plist so I guess I might need to dig further.

Next, my challenge was where to download files from. In the end, I decided to go ahead and try downloading from the iTunes store directly. The downside of this is that I will be using a personal iTunes account; though I don’t use Apple as a daily driver, it’s still a risk that they block/ban the account. I tried searching for whether this was possible, but didn’t find too much.

Downloading ipa files

After some trial and error with other tools, I found the open source ipatool which has a CLI interface. It requires authenticating with the email and password of your account, as well as some 2FA text messages to the related phone number.

The first issue I hit was that despite having entered an email, a phone number AND a credit card already for this account (#ApplePrivacy) I still needed to accept a license agreement via iTunes. Luckily, I was able to find this blog article for how to download IPA files for Windows by using an old version of iTunes (because of course Apple now blocks this in the newer versions). In the end I was able to get that older version of iTunes working on Linux with Wine and was able to accept the license agreement and download IPAs. This then made it so I could also use the CLI ipatool as well.

Now that CLI ipatool is working I am able to download IPA files and start doing more investigation.
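A first pass over a downloaded IPA, as an added example (not the post's or AppGoblin's code): it reads `Info.plist` and lists the embedded framework bundles, checking both against the three SDK names mentioned in this post. It assumes the standard IPA layout (a zip containing `Payload/<Name>.app/`) and runs on a constructed in-memory sample; looking in the `Frameworks` directory is an assumption about where to dig further, not the author's stated method.

```python
import io
import plistlib
import re
import zipfile

# SDK names mentioned in the post; a real list would be far longer.
KNOWN_SDKS = ("appsflyer", "adjust", "firebase")
INFO_RE = re.compile(r"Payload/[^/]+\.app/Info\.plist")
FRAMEWORK_RE = re.compile(r"Payload/[^/]+\.app/Frameworks/([^/]+)\.framework/")

def _flatten(obj):
    """Yield every key and scalar value of a parsed plist as a string."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield str(key)
            yield from _flatten(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from _flatten(value)
    else:
        yield str(obj)

def scan_ipa(ipa):
    """Scan an IPA (path or file object) for known SDK names."""
    with zipfile.ZipFile(ipa) as z:
        names = z.namelist()
        plist_path = next(n for n in names if INFO_RE.fullmatch(n))
        info = plistlib.loads(z.read(plist_path))  # XML or binary plist
    frameworks = sorted({m.group(1) for n in names if (m := FRAMEWORK_RE.match(n))})
    plist_text = " ".join(_flatten(info)).lower()
    hits = {}
    for sdk in KNOWN_SDKS:
        where = [f for f in frameworks if sdk in f.lower()]
        where += ["Info.plist"] if sdk in plist_text else []
        if where:
            hits[sdk] = where
    return {"bundle_id": info.get("CFBundleIdentifier"), "frameworks": frameworks, "hits": hits}

def build_sample_ipa():
    """Constructed sample: a minimal fake IPA built in memory."""
    info = {"CFBundleIdentifier": "com.example.demo", "FirebaseAppDelegateProxyEnabled": False}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/Frameworks/AppsFlyerLib.framework/AppsFlyerLib", b"")
        z.writestr("Payload/Demo.app/Frameworks/Alamofire.framework/Alamofire", b"")
    return buf

if __name__ == "__main__":
    print(scan_ipa(build_sample_ipa()))
```

SDKs that are statically linked into the main binary leave no framework directory, so an empty result here does not mean an app has no third-party SDKs.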

See which MMPs and Networks Apps and Games are Using

I recently added a free feature to AppGoblin to see which advertising/monetization ad networks and MMP partners apps are using. You can break down the results by category and group by parent companies.

The data is pulled from the top ~10k Android apps, which I downloaded and de-compiled, examining their AndroidManifest.xml to determine which ad partners they might be using. The list of partners is something I manually created, so if there are any mobile MMPs or ad networks you think are missing, feel free to let me know and I’ll add them in.

My original thesis I wanted to learn about was what percentage of apps use AppsFlyer vs Adjust, and the biggest surprise I got was that it was much lower than I expected and Firebase was much, much higher than I expected.

Also, I’d love any feedback or questions that pop up when people see this. I wouldn’t mind taking this a bit further.