The title isn’t too specific, so to specify more verbosely: how does iOS ensure that the app’s signature matches the contents within the payload?
I’m currently trying to slightly modify the files within an iOS game. I have the ipa installed, then I view the files by changing the .ipa extension to .zip. From there, I can view all of the non-compiled files for the app. To modify, I extract the data. A large amount of the data this app uses comes from xml. I find a specific xml file that pertains to what I need, I modify it, then I zip up the extracted data into a folder with the exact same name, verify the layout is identical to the original .zip, then change the extension back to .ipa.
However, when doing this, the application I am using to install signed and verified IPAs notes there has been a change. It cannot detect a change when I simply change the extenstion to .zip, then change it back to .ipa.
I’m wondering, what part of what I did is detectable as not matching the signature?
