Can an APK be repacked after a minor text edit?


Solution 1

OK, I reached the best "tested" solution. I'm posting it here to save other developers hours of googling. The only downside is that I will require the customer to install the JDK on his machine, unfortunately. The reason is that I did not find any APK-signing tool that works purely on Windows, without relying on the JDK.

I have my Android application created using AIR, so this makes things easy for me: all of the AIR files are treated as resource assets. So have your APK archive file ready.

Once you have your modifications ready, put them inside a temporary folder named "assets". You will use the 7-zip command line tool (free: http://sourceforge.net/projects/sevenzip/) to update the contents of your apk. To have it working with your apk you will have to rename your apk's extension to zip - don't worry, you'll change it back later.

Now from a .bat file (or directly in the command prompt) from the location containing both your apk file (zip extensioned) and your assets folder, you'll call: 7za u APK-file.zip assets

Now your apk file is updated. Rename it back to the .apk extension.

Now you'll use the signAPK tool from here https://code.google.com/p/signapk/ and note that this is the only step requiring JDK installed. It also assumes that you have your key files ready (replace the dummy ones included in the package). Extract the file contents and call: java -jar signapk.jar key.x509.pem key.pk8 [android_app].apk [signed_android_app].apk

At the very end, you may find your signed apk file size dramatically increased. So you need to use Android's zipAlign tool (darn, can't post the link since new users can only post a maximum of two hyperlinks). You will be calling the command: zipAlign -c 4 [signed_android_app].apk

And voila! That's the route I'm taking.

If someone finds a way to do the signing process without relying on JDK (assuming the key files are ready) please share.

Solution 2

How can I solve this?

You don't. If you modify an APK file, by any means, it must be re-signed.

Solution 3

Android apk files must be signed. That signature proves that the contents of the apk have NOT BEEN MODIFIED from what was initially published. (Which is exactly what you are doing.) The signature at the same time, also proves who the author is.

So in a normal signed apk file:

  1. You know who the author is. (Even if it's not something you as a human can understand.)
  2. You know the contents were put there by the author, and not modified since.

This is a key security measure built into Android, is there for very good reason, and cannot be overcome. It prevents things like viruses from being embedded inside innocent apk files.
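
The integrity property described in Solution 3, as an added example that is not code from any of the answers: it checks the per-file digests that JAR-style (v1) signing records in META-INF/MANIFEST.MF and shows that swapping one asset without re-signing is detectable. It assumes a v1-signed archive, does not verify the signature over the manifest itself (the .SF file and signature block), and uses a constructed sample archive with hypothetical helper names.

```python
import base64, hashlib, io, zipfile

DIGEST_ATTRS = (("SHA-256-Digest", "sha256"), ("SHA1-Digest", "sha1"))
SIGNATURE_FILES = (".MF", ".SF", ".RSA", ".DSA", ".EC")

def parse_manifest(text):
    """Map entry name -> (hash algorithm, base64 digest) from MANIFEST.MF text."""
    # Lines wrap at 72 bytes; a continuation line starts with a single space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        for attr, algo in DIGEST_ATTRS:
            if "Name" in attrs and attr in attrs:
                entries.setdefault(attrs["Name"], (algo, attrs[attr]))
    return entries

def changed_entries(apk_bytes):
    """Return entries that are unlisted in the manifest or fail their digest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        manifest = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in apk.namelist():
            is_sig = name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_FILES)
            if is_sig or name.endswith("/"):
                continue  # signature files and directories carry no digest
            algo, expected = manifest.get(name, ("sha256", None))
            actual = base64.b64encode(hashlib.new(algo, apk.read(name)).digest())
            if actual.decode() != expected:
                bad.append(name)
    return sorted(bad)

def build_apk(files, edits=None):
    """Constructed APK-shaped zip; `edits` swaps contents after digests are fixed."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        manifest += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            z.writestr(name, (edits or {}).get(name, data))
    return buf.getvalue()

# Constructed sample: one archive as published, one with an asset swapped afterwards.
FILES = {"assets/config.xml": b"<mode>demo</mode>", "classes.dex": b"dex-bytes"}
ORIGINAL = build_apk(FILES)
EDITED = build_apk(FILES, edits={"assets/config.xml": b"<mode>full</mode>"})
```

Calling `changed_entries` on an archive returns the names whose contents no longer match the manifest; an empty list means every listed digest still holds.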

Author: Ayman Abdel-Rahman

Updated on July 19, 2022

Comments

  • Ayman Abdel-Rahman almost 2 years

    I'm creating software that will guide the user through a few steps, to publish an android application (APK file).

    The way I am doing this, is that the APK file is already compiled, and all I need to do is replace an XML file in the package, and that will change the behaviour of the application. My big problem now, is that unpacking the apk file, and doing any tiny text edit, and then packing it again, breaks the signature and prevents the application from running on any device, giving a message that the signature is incorrect.

    How can I solve this? I want to safely open the APK, write something in a text file, and close it again. Note that this operation will be done on the user's computer (after he purchases our application) so we're looking for a command-line tool with no special requirements like JDK.

    Any help?

  • Ayman Abdel-Rahman about 12 years
    But I've found tools that can modify the content of your apk - but they require the JDK.
  • Abdullah Saleem about 7 years
    I wrote a script for this github.com/Abdullah2993/APK-Asset-Changer