During the iOS project launch process, a challenging issue sometimes arises: the app is flagged as having excessive similarity. This situation is more common in multi-version products, channel versions, or apps derived from the same framework. If the code structure, resource files, or even app fingerprints are highly consistent, they may be flagged during review or platform detection.

Our team encountered a similar situation while maintaining a set of channel apps. Multiple apps indeed shared UI and functional modules, but if the internal IPA structures were nearly identical, technical adjustments were necessary. We eventually developed a handling workflow with the primary goal of changing the app’s internal characteristics while ensuring functionality remains unaffected.

This article records the approach to resolving this through resource structure adjustment, symbol obfuscation, and binary processing.

1. First, Observe the IPA Internal Structure

If you need to assess app similarity issues, the first step is to unpack the IPA and examine its structure.

Change the IPA to a zip:

mv app.ipa app.zip
unzip app.zip

Navigate to the directory:

Payload/AppName.app

In this directory, you can see:

  • Executable binary file
  • Image resources
  • JSON configuration files
  • HTML/JS files
  • embedded.mobileprovision

If these file structures are almost identical between two apps, similarity detection tools can easily identify them as originating from the same source.

2. Check the Binary Symbol Structure

Class and method names in the binary file can also serve as criteria for similarity judgment.

You can use commands to view:

strings AppBinary | head

Or:

strings AppBinary | grep Controller

If multiple apps contain identical class names, for example:

HomeViewController
OrderManager
VipSubscriptionService

Then during decompilation or static analysis, these symbols will form a highly consistent structure.

To alter this characteristic, you can perform obfuscation on the binary symbols.

After parsing the IPA, Ipa Guard lists all symbols in the executable files, including:

Objective-C classes
Swift classes
Objective-C methods
Swift methods

In the tool, select the classes and methods to process, and after executing obfuscation, symbol names are replaced with random strings.

For example:

VipSubscriptionService → a92kf3d

After processing, these business names no longer appear when checking string information.
Processing

3. Adjust the Resource File Structure

The resource directory is also a significant source for similarity detection.

For example, multiple apps share the same image names:

home_banner.png
vip_background.png
icon_profile.png

If resource names and structures are consistent in the IPA, detection systems can easily identify the association.

In the resource module, Ipa Guard can perform batch processing on the following types:

  • Images
  • JS files
  • HTML files
  • JSON files
  • MP3 files
  • XIB files
  • Storyboard files

After executing resource obfuscation, file names are changed to random strings, for example:

vip_background.png → c83d21.png

The tool automatically updates reference paths, so the app can still load resources normally.
Filename Obfuscation

4. Modify Resource MD5 Fingerprints

In some projects, even after changing file names, resource content remains completely identical.

If two apps have images with the same MD5, they may still be identified as similar resources.

Ipa Guard provides an option to modify resource MD5 values. After processing, the image content remains unchanged, but the file fingerprint changes.

You can verify using a command:

md5 banner.png

The MD5 value will differ before and after processing.

This method can alter characteristic values at the resource level.
Modifying MD5 Value

5. Compress HTML/JS Resources

Some apps load HTML pages in WebView. If these files remain in their original format, structural information is more apparent.

During the build phase, you can use scripts for compression:

terser main.js -o main.min.js

Or:

uglifyjs script.js -o script.min.js

Compressed scripts become single-line structures, significantly reducing readability.

Then, further reduce identifiable information by modifying file names with Ipa Guard.

6. Remove Debug Information

Debug information can also become part of the app fingerprint.

You can run:

strings AppBinary | grep NSLog

If the output contains numerous log strings, you can clean this information during the obfuscation phase.

Ipa Guard supports removing some debug symbols and automatically annotating, making the binary file structure cleaner.

7. Re-sign and Install for Testing

After modifying the IPA content, the original signature becomes invalid, so re-signing is necessary.

You can use a signing tool:

kxsign sign app.ipa \
-c cert.p12 \
-p password \
-m dev.mobileprovision \
-z test.ipa \
-i

If the device is connected via a data cable, the app will automatically install after signing.

During the testing phase, verify:

  • Whether pages load normally
  • Whether image resources display correctly
  • Whether WebView content is accessible

If some resources fail to load, check the corresponding files in the resource configuration.
Re-signing

8. Generate a Release Version

After testing passes, re-sign with a distribution certificate:

Distribution Certificate
App Store Provisioning Profile

The generated IPA is used for uploading to the App Store.

Apps generated with a distribution certificate cannot be installed directly, so testing must be completed during the development certificate phase.

Resolving iOS app similarity issues involves multi-layer adjustments to change the app’s internal characteristics. Binary symbols, resource names, resource fingerprints, and debug information can all serve as detection criteria.

Reference link: https://ipaguard.com/tutorial/zh/1/1.html