My professor said to me that when you build apk the serial number of the computer or of the cpu that built the APK is written in the file
My question is if it’s true where it’s written?
Because I think it’s might be wrong
I tried to decompile the apk
And search inside the files
I tried using 7zip too
I have dealt with APK structure and building, and have never heard of something like that, to be honest. Has he mentioned, which file should be affected? The APK in a whole or a specific file within the APK? And in which step of APK building this happens?
The closest I can think of would be the mechanism to provide alternative resources to support specific device configurations. But that still hasn't to do anything with any kind of serial number for the computer the APK was built on.
Related
I am looking for a way to make changes to my apk file - These changes should make the apk harder to reverse engineer.
I am already running Proguard to obfuscate the code.
From what I see there are Dexguard and Dexprotect that add encryption for your classes and resources. Is there a simple way to add encryption by your self to the resource folder?
I have also found from old answers HoseDex2Jar. This tool will protect your code from decompiling. The answers were 4 years old and now I could not find this tool. The website is still online but it seems that they have redesigned their software. Is there a new solution like this?
On Jelly Bean it seems that you can encrypt the apk. But it only works if you install the apk from adb - so it can not be used in production(where users download the app from google play)
https://nelenkov.blogspot.ro/2012/07/using-app-encryption-in-jelly-bean.html
Thanks
I am wondering if it is possible to build an .apk-file from an app on my android device, meaning the apk will build and install itself on my phone for instance.
This has to be done without any USB-cables etc!
Best regards
First question: You dont wanna build an apk form existing app, do you?
However, if you have Eclipse, what so ever, on your computer and made the apk file, you can transmit it by e.g by wlan to your smartphone and install it. Beginners could do it like this:
Copy the APK file to your Android’s memory card
Download and install the Apps Installer application from the Android Market
Once installed, the Apps Installer will display the APK files on your memory card.
Click and install your APK files.
Else i guess you need a rooted smartphone to it by hand.
You could use an app like Apk Share to backup apps if that's what you mean.
As far as I know, only AIDE and APDE has managed to successfully done this. I am also looking for a solution to do it, and here's what I found(similar questions on Stackoverflow also didn't get answer):
You might want to cross compile the toolchain itself.
Or you can use a web server that's running linux to compile the apk
So far similar questions only get answers like: hey use AIDE, which is not the answer, here we're looking how to make something like AIDE, not using it. So either cross compile or use a web-based compiler. I haven't found any other solutions
I have a native library that my project uses(for four architectures). (Note, that I did not compile them , I just got them from a third-party). Exporting a signed apk right now is a pain. I do the following:
Delete 3 of the 4 architectures from the libs folder
Export a signed package
Replace the libs folder with history
Go back to step one
Now, these steps are fairly tiresome and there is a chance of making mistakes while uploading.
Is there any simple way I can just Export 4 apks for the for 4 different architectures (in an automated way)?
I am using Eclipse
Well done for considering the user, and producing architecture specific apks, rather than bundling all architectures in a single apk with the resultant waste of filespace on already constrained devices.
Eclipse (or rather the ADT) does not have the ability to do what you want.
One answer to your problem (unfortunately adopted by many developers) is to simply give up, and just produce one apk with all architectures included. (I've even seen this happen for system apps - that by definition must know exactly what architecture they are going to run on).
An approach I've taken is to export the app from Eclipse with all architectures in it, and then to manipulate that apk using a zip tool to produce further copies with the unwanted libs deleted. You then have to resign the apk since you have changed the constituent contents.
I'm creating a software that will guide the user through a few steps, to publish an android application (APK file).
The way I am doing this, is that the APK file is already compiled, and all I need to do is replace an XML file in the package, and that will change the behaviour of the application. My big problem now, is that unpacking the apk file, and doing any tiny text edit, and then packing it again, breaks the signature and prevents the application from running on any device, giving a message that the signature is incorrect.
How can I solve this? I want to safely open the APK, write something in a text file, and close it again. Note that this operation will be done on the user's computer (after he purchases our application) so we're look for a command-line tool with no special requirements like JDK.
Any help?
Ok I reached the best "tested" solution - I'm posting it here to save other developers hours of googling. The only downside is that I will require the customer to install JDK on his machine, unfortunately. The reason is because I did not find any apk-signing tool that works purely on windows, without relying on JDK.
I have my android application created using Air, so this makes things easy for me - all of the air files are treated as resource assets. So have your APK archive file ready.
Once you have your modifications ready, put them inside a temporary folder named "assets". You will use the 7-zip command line tool (free: http://sourceforge.net/projects/sevenzip/) to update the contents of your apk. To have it working with your apk you will have to rename your apk's extension to zip - don't worry, you'll change it back later.
Now from a .bat file (or directly in the command prompt) from the location containing both your apk file (zip extensioned) and your assets folder, you'll call: 7za u APK-file.zip assets
Now your apk file is updated. Rename it back to .apk extension
Now you'll use the signAPK tool from here https://code.google.com/p/signapk/ and note that this is the only step requiring JDK installed. It also assumes that you have your key files ready (replace the dummy ones included in the package). Extract the file contents and call: java -jar signapk.jar key.x509.pem key.pk8 [android_app].apk [signed_android_app].apk
At the very end, you may find your signed apk file size drammatically increased. So you need to use the android's zipAlign tool: (darn, can't post the link since new users can only post a maximum of two hyperlinks)
you will be calling the command: zipAlign -c 4 [signed_android_app].apk
And voila! That's the route I'm taking.
If someone finds a way to do the signing process without relying on JDK (assuming the key files are ready) please share.
How can I solve this?
You don't. If you modify an APK file, by any means, it must be re-signed.
Android apk files must be signed. That signature proves that the contents of the apk have NOT BEEN MODIFIED from what was initially published. (Which is exactly what you are doing.) The signature at the same time, also proves who the author is.
So in a normal signed apk file:
You know who the author is. (Even if it's not something you as a human can understand.)
You know the contents were put there by the author, and not modified since.
This is a key security measure built into Android, is there for very good reason, and cannot be overcome. It prevents things like viruses from being embedded inside innocent apk files.
I compiled and ran a project on my phone through eclipse which is still install there currently. While doing some directory cleaning I accidentally deleted the source code so the only remaining version of the code is in the apk installed on my phone. Is there anyway to export the app back to my computer?? It isn't signed or anything either.
Thanks!
You can set up to be able to copy files on/off your phone via the USB connection - heres where you can look to find it:
Does Android keep the .apk files? if so where?
Then after you get the .apk off look at these questions for decompiling:
Is it possible to decompile an Android .apk file?
decompiling DEX into Java sourcecode
You CAN pull the APK off of the phone, but it's going to be Java Bytecode, not your source code (regardless of whether or not it's signed). You would have to reverse-engineer the classes to retrieve your code. If it's not a VERY large app, I'd say your time would best be spent simply re-creating it.