Correct, they are simply updating the image resources and re-signing the app. The code hasn't been touched (though the code is from a two-year-old version of the app).
Correct me if I'm wrong, but doesn't the .ipa include the bundle ID as well as the App ID inside the binary? I didn't think it was possible to edit that and still get it codesigned for approval.
Unfortunately, the bundle id is just stored in a plist file, and it's actually quite easy to re-sign an app bundle with a different profile after modifying it.
Would checking the value of
[[NSBundle mainBundle] bundleIdentifier]
with a hardcoded value help?
It would be a bit more code, but just a few lines of verification code when the application launches and the app can refuse to start up if the value doesn't match.
Someone dedicated would still be able to crack it, but it would at least require some effort on the part of the fraudster.