
I'm curious how one would reverse engineer and acquire the source code? Not looking to do anything illegal, just wondering what goes into making such duplicate apps.



They use a jailbroken device to obtain a decrypted copy of the application binary, then re-sign it with their own developer certificate, and submit. There's no recompilation needed.


You don't need the code. You just change some strings in the binary/bundle (if you're fancy), sign it with your certificate and upload to the app store.


Apple apps are basically just a special folder that contains a combination of compiled files and uncompiled "resources" which can include images and even some of the config files.

You can easily browse any native app on a Mac by just ctrl+clicking it and selecting "show package contents".

These cloners are just replacing image files and changing some text in config files which requires almost zero programming or reverse engineering skill.


I'm quite sure that they are merely replacing some of the application's image resources and re-signing it... But I could be wrong.


Correct, they are simply updating the image resources and re-signing the app. The code hasn't been touched (though the code is from a two-year-old version of the app).


I think we could add some detection in the code so that if the bundle id doesn't match, then the app should display a warning.


Correct me if I'm wrong, but doesn't the .ipa include the bundle ID as well as the App ID inside the binary? I didn't think it was possible to edit that and still get it codesigned for approval.


Unfortunately, the bundle id is just stored in a plist file, and it's actually quite easy to re-sign an app bundle with a different profile after modifying it.


Would checking the value of [[NSBundle mainBundle] bundleIdentifier] with a hardcoded value help?

It would be a bit more code, but just a few lines of verification code when the application launches and the app can refuse to start up if the value doesn't match.

Someone dedicated would still be able to crack it, but it would at least require some effort on the part of the fraudster.
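Added example, not part of the thread or written by any commenter: the same bundle-ID comparison run from outside the app, against an .ipa file a developer wants to triage as a possible clone. The expected identifier, the sample archive and all function names are constructed for illustration; it relies on the bundle ID living in `Payload/<Name>.app/Info.plist`, as the comments above describe.

```python
import io
import plistlib
import zipfile

EXPECTED_BUNDLE_ID = "com.example.original"  # assumed value for illustration


def read_app_info(ipa_bytes):
    """Return the parsed Info.plist of the top-level .app inside an .ipa archive."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            # Only Payload/<Name>.app/Info.plist counts; nested frameworks and
            # extensions carry their own Info.plist and are skipped.
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == "Info.plist"):
                # plistlib.loads detects XML and binary plists automatically.
                return plistlib.loads(ipa.read(name))
    raise ValueError("no Payload/<Name>.app/Info.plist in archive")


def check_bundle_id(ipa_bytes, expected=EXPECTED_BUNDLE_ID):
    """Compare CFBundleIdentifier with the expected value; return (ok, found)."""
    found = read_app_info(ipa_bytes).get("CFBundleIdentifier")
    return found == expected, found


def build_sample_ipa(bundle_id, fmt=plistlib.FMT_XML):
    """Constructed sample: a minimal .ipa-shaped zip holding only Info.plist files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ipa:
        info = {"CFBundleIdentifier": bundle_id, "CFBundleDisplayName": "Sample"}
        ipa.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info, fmt=fmt))
        # Nested bundle with its own identifier, which must not be picked up.
        ipa.writestr("Payload/Sample.app/Frameworks/Lib.framework/Info.plist",
                     plistlib.dumps({"CFBundleIdentifier": "com.example.lib"}))
    return buf.getvalue()


if __name__ == "__main__":
    for bid in ("com.example.original", "com.example.clone"):
        ok, found = check_bundle_id(build_sample_ipa(bid, plistlib.FMT_BINARY))
        print(f"{found}: {'matches' if ok else 'MISMATCH'}")
```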



