IPA Encryption Checker

1. Introduction

Welcome to IPA Encryption Checker. These Terms of Service ("Terms") govern your use of our website located at https://ipachecker.qzz.io/ (the "Service"). By accessing or using the Service, you agree to be bound by these Terms.

Please read these Terms carefully before using our Service. If you disagree with any part of these terms, you may not access the Service.

2. Definitions

"Service" refers to the IPA Encryption Checker website and all related functionality.

"IPA" refers to iOS Application Package files (.ipa extension).

"You" refers to the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

"We," "Us," "Our" refers to the operators of IPA Encryption Checker.

"Upload ID" refers to the unique session identifier generated for each file upload or URL submission.

3. Service Description

IPA Encryption Checker is a free online tool that allows users to analyze iOS IPA files. The Service provides:

• Encryption status detection for IPA files
• Extraction and display of app metadata (name, version, bundle ID, etc.)
• Architecture information (32-bit, 64-bit, Universal)
• File hash generation for verification (MD5, performed in backend analysis)
• Download links for processed files (available for 90 days via GitHub Actions artifacts)
• Two submission methods:
  • Direct File Upload: Upload IPA files from your device
  • URL Mode: Provide a direct URL to an IPA file hosted elsewhere

4. User Content and File Submissions

Our Service allows you to submit IPA files for analysis via upload or URL. You retain all ownership rights to your uploaded files. We do not claim ownership over any content that you submit.

By submitting IPA files to the Service (via upload or URL), you agree and represent that:

• You have the legal right to upload and analyze the IPA files
• For URL submissions, you have the legal right to access and analyze files at the provided URL
• The files do not violate any applicable laws, regulations, or third-party rights
• The files do not contain malicious code, viruses, or harmful content
• You will not upload copyrighted material without proper authorization
• You acknowledge that uploaded files are temporarily stored for analysis and download purposes
• You will not submit URLs to files you don't have permission to access
• For file uploads, files undergo security validation including magic bytes verification to ensure they are valid IPA/ZIP files
• For URL submissions, URLs must end with .ipa and be properly formatted

5. Usage Requirements and Verification

To use our Service, you must:

• Complete CAPTCHA verification (Cloudflare Turnstile) to prevent automated abuse
• Comply with our rate limits:
  • 30 requests per minute per IP address
  • 12 uploads per hour per IP address
• Only upload valid IPA files for analysis (file uploads) or provide valid URLs to IPA files (URL mode)
• Respect the technical limitations of our Service
• Use the Upload ID provided with your submission for accessing file status and results
• Not attempt to access files or results without proper authentication

6. Authentication and Session Management

When you submit a file or URL for analysis:

• A unique Upload ID is generated to authenticate your access
• This Upload ID is required for all operations related to your submission (status checks, file access, updates)
• Upload IDs are valid for the duration of your session (up to 1 hour)
• You are responsible for maintaining the confidentiality of your Upload ID
• Do not share your Upload ID with others
• After the session expires, files can only be accessed through GitHub artifact download links

7. Data Privacy and Retention

We collect minimal information necessary to provide the Service:

• IP addresses for rate limiting, abuse prevention, and security (1-minute window for requests, 1-hour window for uploads)
• Uploaded files for analysis (retained for up to 1 hour on our servers)
• URL information for URL submissions (retained for up to 1 hour)
• Analysis results and processed files (available for download for 90 days via GitHub Actions artifacts)
• Session data including Upload IDs (retained for up to 1 hour)

For detailed information about how we handle your data, please review our Privacy Policy.

8. Service Limitations

The Service has the following technical limitations:

• File Upload Mode:
  • Maximum 100MB per file
  • Maximum 5 files per upload session
  • Only .ipa files are accepted
  • Files must have valid ZIP/IPA signatures (magic bytes verification)
• URL Mode:
  • No file size limit
  • URLs must end with .ipa
  • URLs must be properly formatted and accessible
  • URL must point to a valid IPA file
• Rate Limits (applies to both modes):
  • 30 requests per minute per IP address
  • 12 uploads/URL submissions per hour per IP address
• Timeouts:
  • 3 minutes for file upload requests
  • 30 seconds for other requests
• Availability: Service may be temporarily unavailable for maintenance or updates

9. Download and Storage Terms

Regarding file downloads and storage:

• Processed files and analysis results are available for download for 90 days
• Download links are provided through GitHub's artifact system via nightly.link
• Access to files during the 1-hour session window requires your Upload ID
• After the session expires, download links remain accessible without authentication
• We are not responsible for failed downloads or expired links
• Files are automatically deleted after the 90-day retention period by GitHub's systems
• Original uploaded files are deleted from our storage after 1 hour

10. Disclaimer of Warranties

THE SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. WE SPECIFICALLY DISCLAIM:

• Any warranties regarding the accuracy, completeness, or reliability of analysis results
• Any warranties that the Service will be uninterrupted or error-free
• Any warranties regarding the security or privacy of uploaded files
• Any warranties that defects will be corrected
• Any warranties regarding the accessibility of URLs provided in URL mode
• Any warranties regarding the availability of download links after the 90-day period

We reserve the right to modify, suspend, or discontinue the Service at any time without notice.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR:

• Any indirect, incidental, special, or consequential damages
• Any loss of data, files, or business opportunities
• Any damages resulting from the use or inability to use the Service
• Any damages caused by errors in analysis results
• Any damages resulting from unauthorized access to or disclosure of uploaded files
• Any damages resulting from failed URL downloads or inaccessible URLs
• Any damages resulting from expired download links or deleted files

Our total liability shall not exceed $100 or the amount you paid for the Service (which is free), whichever is less.

12. Prohibited Uses

You agree not to use the Service for:

• Any unlawful purpose or to violate any laws or regulations
• Uploading malicious files, viruses, or content that could harm our systems
• Submitting URLs to malicious content or files you don't have permission to access
• Attempting to probe, scan, or test the vulnerability of the Service
• Overloading, flooding, spamming, or attempting to crash the Service
• Circumventing rate limits or other protective measures
• Attempting to interfere with the proper functioning of the Service
• Using automated systems to upload files or submit URLs without completing CAPTCHA verification
• Reverse engineering or attempting to extract our analysis algorithms
• Attempting to access files or sessions without proper authentication (Upload ID)
• Sharing or distributing your Upload ID to unauthorized parties
• Attempting to bypass file validation or security measures

13. Termination

We may terminate or suspend your access to the Service immediately, without prior notice or liability, for any reason, including:

• Breach of these Terms
• Violation of applicable laws
• Abusive or harmful behavior
• Circumventing rate limits or security measures
• Submitting malicious files or URLs
• Technical or security reasons

Upon termination, your right to use the Service ceases immediately. Any provisions that should survive termination will remain in effect.

14. Intellectual Property

The Service and its original content, features, and functionality are owned by the Service operators and are protected by copyright, trademark, and other intellectual property laws. You may not:

• Use trademarks or branding without permission
• Claim ownership of analysis methods or algorithms
• Reverse engineer our security measures or file validation systems

15. Changes to Terms

We reserve the right to modify or replace these Terms at any time. If a revision is material, we will:

• Post the updated Terms on this page
• Update the "Last Updated" date
• Provide reasonable notice of significant changes on our website

By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised Terms. If you do not agree to the new Terms, please stop using the Service.

16. Governing Law

These Terms shall be governed by and construed in accordance with applicable laws, without regard to conflict of law principles. Any legal action or proceeding arising under these Terms will be brought exclusively in the appropriate courts.

17. Severability

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions will continue to be valid and enforceable to the fullest extent permitted by law.

18. Security Acknowledgment

You acknowledge that:

• We implement industry-standard security measures including HTTPS/TLS encryption, file validation, rate limiting, and authentication
• Your IP address is used for rate limiting and is obtained from Cloudflare's CF-Connecting-IP header
• Files undergo magic bytes verification to ensure they are valid IPA/ZIP files before processing
• In production mode, detailed error messages are sanitized to prevent information disclosure
• Upload ID authentication uses constant-time comparison to prevent timing attacks
• Despite our security measures, no system is 100% secure

19. Contact Us

If you have any questions about these Terms, please contact us:

• Email: andres@ipachecker.qzz.io
• GitHub: Open an issue