iOSModZoo: A Large-Scale Study of Third-Party iOS App Markets

Sideloading apps in iOS is possible without a jailbroken (rooted) device despite its 'walled garden' reputation. We found 89 third-party app markets and present the first overview of the modded app ecosystem on iOS. We collected and analysed apps from the 9 most popular modded markets over 11 months. We found 29% of the modded apps are pirated paid apps offered for free with a reported 1.12 billion downloads across just three markets, likely affecting developer revenue. Many modded apps offer subscription features and in-app or in-game items for free: 69% of modded apps originally had in-app purchases in the App Store. In terms of user security, VirusTotal classified over 1% of modded apps as malicious (CVE, exploits, trojans, mainly), versus less than 0.03% of App Store apps. Markets sign 78% of the modded apps with enterprise certificates, while others rely on device management profiles meant for company devices which can extract private user data and remotely install apps.

Conference Name

19th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2026)

Publisher DOI

https://doi.org/10.1145/3765613.3797450

Rights and licensing

Except where otherwised noted, this item's license is described as Attribution 4.0 International

Sponsorship

European Commission Horizon 2020 (H2020) ERC (949127)

Nokia Bell Labs European Research Council (Horizon 2020 grant agreement No 949127)

Collections

University of Cambridge Research Outputs (Articles and Conferences)