Clarification Regarding App Denial on Simulator and Its Impact on App Review Process

iOS and the iOS Simulator are different platforms [1]. Given that, it’s impossible to build an app for the simulator and upload it to App Store Connect. And that means you can sidestep this issue completely by conditionally compiling this code so that it’s only in the simulator build. In Swift you do that like this:

#if targetEnvironment(simulator)
    … your simulator code here …
#endif

That ensures that the code is only present in the simulator build, so it can’t possibly affect your app’s behaviour during App Review.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Even though they use the same CPU architecture. I talk more about this distinction in An Apple Library Primer.

I have a couple of questions related to app distribution and security, and I would greatly appreciate your clarification:

Is it possible to install an .ipa file—specifically one that is downloaded from the App Store—onto an iOS Simulator by any means? I understand that iOS and the iOS Simulator are different platforms, and typically apps built for devices do not run on simulators, but I want to confirm whether any workaround exists that could allow this.

Is it possible to extract the application file (e.g., from a jailbroken device or otherwise) and install or run it on another physical device or the simulator? I am trying to evaluate the security implications of our app package being transferred or misused across devices or environments.

Your insights will help us better understand the boundaries of app security and deployment within Apple’s ecosystem. Thank you in advance for your time and support.

Two things:

• The Mac is a relatively open system. Users can disable SIP and then radically change the system’s behaviour.

• iOS does not support such things, but iOS security isn’t perfect and it’s hard to draw hard security boundaries if the user is actively cooperating with your attacker.

Give the above, the answer to any “is it possible” question is “Yes, with sufficient amounts of hackery.” You are really asking about DRM here — you want to give the user something but limit what they can do with it — and there’s no perfect DRM system. It’s always a compromise between protection, compatibility, development time, and the potential for inconveniencing your real users.

A classic example of this is iOS Apps on Mac. You can opt out of that feature if you want, but that’ll annoy some subset of your users.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Please don't use the Comment feature here in the forums. It's very annoying.

Don't worry about those kinds of security issues. If your app reaches any level of popularity, then yes, it will absolutely be hacked. But at that point, you should consider the hackers to be an unpaid marketing team.

Then, if your app continues to be successful enough so that the hackers are a noticeable detriment to your income, you'll have the resources to improve security and lock it down.