iOS download IPA application | b4y.dev

Downloading iOS application to audit them can be a bit tricky.

Two methods are accessible without advanced tools:

Using Apple Configurator and iOS device
Using ipatool

Apple Configurator

iPhone: download target app from App Store
Mac: install Apple Configurator: mas install 1037126344
Connect your iPhone to your Mac using an USB cable
Launch Apple Configurator and select your iPhone
On the top menu, click on Add then Apps
Select the target application then valid with add button
A pop message saying The app named [...] already exists on [...] appear.
Do not answer to popup message and go in Apple Configurator temporary file to get .ipa application file:

~/Library/Group\ Containers/K36BKF7T3D.group.com.apple.configurator/Library/Caches/Assets/TemporaryItems/MobileApps/

ipatool

This method use ipatool to communicate with App Store and download the app package :

# Install ipatool
brew tap majd/repo
brew install ipatool

# Authenticate with the App Store
ipatool auth login --email <email> --passwword <password>

# Search target app
ipatool search <target app name>

# Download wih package name
ipatool download -b <com.company.package_name>

Other method

Some other method can achieve the same goal, but they are using illegal way or paid tools:

Jailbreaked device (Checkra1n for example) and frida-ios-dump
Cellebrite tools

More post on mobile application security are available