Recently I saw a website that include lots of AppStore applications and they resigned that applications via their Enterprise account and let people to download them directly to their iPhone/iPads.
I am wondering how they do this? I had resigned .ipa files that was created for Ad-Hoc via Enterprise; but how they resign AppStore applications with enterprise account too?
I am wondering for the answer because it is important and we should consider more security challenges for the case of resigning our appstore applications with enterprise accounts.
When an IPA is downloaded from the app store (including by Xcode), the binaries in that IPA are encrypted by Apple. Simply resigning these binaries will not work. One way to remove the DRM, and this may be illegal in your country, is to extract the unencrypted binary during runtime on a jailbroken device.
Note that when resigning apps, such services need to use a different provisioning profile than you originally used, and that provisioning profile will have a different bundle identifier than the one in your Info.plist. You can use tools such as
TCMobileProvision to inspect and compare the two identifiers. This is a mouse and cat game, as they could actively look for that code and remove it statically, but you will most likely reduce the possibility of your app being resigned significantly.