Due to U.S. sanctions and strict internet censorship, Iranian iOS users are barred from accessing the Apple App Store and developer services. In response, despite violating Apple's developer terms, a thriving underground ecosystem of third-party iOS app stores has emerged to serve Iranian users. This paper presents the first comprehensive empirical study of these clandestine app stores. We document how these stores operate, including their distribution mechanisms, user authentication processes, and evasion techniques. By collecting and analyzing more than 1700 iOS application packages and their metadata from three major Iranian third-party app stores, we characterize the ecosystem's size, structure, and content. Our analysis reveals a significant presence of Iranian-exclusive apps, widespread distribution of cracked apps, unauthorized monetization of paid content, and embedded third-party tracking and piracy libraries. We also uncover a notable overlap among financial, navigational, and social apps that exist solely in this ecosystem, reflecting the unique digital constraints of Iranian users. Finally, we quantify the potential revenue losses for developers due to piracy and document security and privacy risks associated with altered binaries. Our findings highlight how sanctions, censorship, and enforcement gaps have enabled a parallel app distribution ecosystem with complex socio-technical implications.

翻译：受美国制裁及严格网络审查影响，伊朗iOS用户无法访问苹果App Store及开发者服务。在此背景下，尽管违反苹果开发者条款，一个服务于伊朗用户的第三方iOS应用商店地下生态体系已蓬勃发展。本文首次对这类隐蔽应用商店展开全面实证研究。我们系统记录了这些商店的运营机制，包括分发渠道、用户认证流程及规避检测技术。通过采集并分析三家伊朗主流第三方应用商店超1700个iOS应用包及其元数据，我们刻画了该生态体系的规模、结构与内容特征。研究表明：存在大量伊朗专属应用、破解应用广泛传播、付费内容未经授权商业化、以及嵌入式第三方追踪与盗版库。我们还发现仅存于此生态体系的金融、导航及社交类应用间存在显著重叠，折射出伊朗用户独特的数字约束环境。最终，我们量化了盗版行为给开发者造成的潜在收益损失，并记录了经篡改二进制文件相关的安全隐私风险。研究结果揭示，制裁、审查与执法漏洞如何催生了具有复合社会技术影响的平行应用分发生态体系。