first sorry for this stupid question but i'm new to this and trying to learn
i have Android App
i did patch the apk to bypass SSL Pinning using apk-mitm
https://github.com/shroudedcode/apk-mitm
i used BurpSuite to do some modification to request body for some of what the app can and can't send and everything works just fine
now is there is any method to patch this APK with these Rules i made and i don't have to run BurpSuite every time i run the App ?
If you have linux you have the methods but as android needs jdk you must compile and regenerate apk. If you know about manual editing. You can do it by repackaging. If you don't you should pay for security application(BurpSuite) for advanced access.
Related
Problem:
Automation of application uploading after successful promotions. Typically easily done with APK and using gradlew scripts.
However, since App bundles are clearly the direction of the future and have many benefits we are moving to deploying with app bundles. We do not want to upload these manually.
I was wondering if anyone has run into this issue and how they resolved it? Initially, I hoping for a gradle wrapper script but I don't believe this will be available for awhile.
The route I'm currently heading is leading me to write a custom script to deploy using this following api.
https://developers.google.com/android-publisher/api-ref/edits/bundles/upload
Edit: https://fastlane.tools
I ended up choosing fastlane for now for simplicity and its robust reputation. Had aab uploading done in a matter of minutes. So far highly recommend.
EDIT: Ultimately, I ended up letting fastlane only handle aab uploads by getting the latest artifact from the successful build and moving it into an empty fastlane project. From there it requires minimum parameters/variables to be able to successfully deploy to google play WITHOUT needing to integrate fastlane into your Android Studio project.
I'm trying to deploy my first (very generic) app built using Ionic. According to the docs for deployment, I'm supposed to use some plugins. However, other sources suggest that I'm supposed to install Google's IDE called Android Studio and create an APK file.
I can't judge which approach is most valid nor if the one is an obsoleted version of the other. And we know how fast the wheels rotate in JS world...
NB. I'm confident in programming in general, I know Angular and have experience with deployments as such. In this case, I'm not looking to set up CI nor testing. I simply want my first app to be reachable through the store.
My suggestion would be to make a build: ionic cordova build android. Next sign it using the command line.
https://developer.android.com/studio/publish/app-signing.html
I am wondering if it is possible to build an .apk-file from an app on my android device, meaning the apk will build and install itself on my phone for instance.
This has to be done without any USB-cables etc!
Best regards
First question: You dont wanna build an apk form existing app, do you?
However, if you have Eclipse, what so ever, on your computer and made the apk file, you can transmit it by e.g by wlan to your smartphone and install it. Beginners could do it like this:
Copy the APK file to your Android’s memory card
Download and install the Apps Installer application from the Android Market
Once installed, the Apps Installer will display the APK files on your memory card.
Click and install your APK files.
Else i guess you need a rooted smartphone to it by hand.
You could use an app like Apk Share to backup apps if that's what you mean.
As far as I know, only AIDE and APDE has managed to successfully done this. I am also looking for a solution to do it, and here's what I found(similar questions on Stackoverflow also didn't get answer):
You might want to cross compile the toolchain itself.
Or you can use a web server that's running linux to compile the apk
So far similar questions only get answers like: hey use AIDE, which is not the answer, here we're looking how to make something like AIDE, not using it. So either cross compile or use a web-based compiler. I haven't found any other solutions
I do understand that a .apk file is created in the bin folder of an android project, when the project is run.
I have a question about this: is it possible that there would be any difference in the functionality of an app installed via eclipse (as in connecting the phone to the computer and uploading and installing the app on the phone) versus installing the app by downloading a .apk placed on a secure server?
The reason I ask this question is that I usually put up the .apk file on a secure server and the testing team downloads and installs the app for testing purposes. The testing team has started to report app crashes when accessing this app. However, I don't seem to be seeing the any such problems (even while replicating the same scenarios) with the app when I install it on the phone via a cable connected to the computer.
You might be falling into a caching issue. Make sure you get the QA team a new filename of the apk on the server to ensure that they never get a cached apk when downloading it. Also maybe create a md5 sum of the apk locally and run md5 on the apk on the server after upload to ensure it is the same.
e.g. use
md5 yourapk.apk > yourapk.md5
on your machine and the server..
Most likely you QA team has found issues that are specific to the device or Android platform version they test with. Try with your apk with the same hardware in your dev environment.
I don't see how that would possible. The Eclipse ADT plugin just calls the executables in the specified Android SDK location on your hard drive and the .apk gets generated only once when you use Eclipse to install the application to your plugged phone.
Unless you're packaging the two versions in a different way, that shouldn't be possible. My guess is that your testing team has just found bugs specific to the runtime environment (the phone). Maybe a different version of Android, conflicting custom ROM, etc.
No, there is no difference , if the apk on the secure server is as latest as you have on your computer.
I would recommend you to clean your project before uploading the apk to the server.
Regarding the crashes, i guess there are some location based problems.
Also check if you are uploading the apk from your workspace. or some other older version which is located in different place that you are not using anymore.
I created a .apk outside of eclipse using tiggr mobile (http://gotiggr.com)
i have the downloaded .apk and need to sign it - so i thought about running it through eclipse then signing it that way
im having the worse trouble importing it into eclipse.
does anyone have any other suggestions on signing this? i keep getting this message when uploading:
Market does not accept apks signed with the debug certificate. Create a new certificate that is valid for at least 50 years.
Market requires that the certificate used to sign the apk be valid until at least October 22, 2033. Create a new certificate.
Market requires the minSdkVersion to be set to a positive 32-bit integer in AndroidManifest.xml.
thanks for your help!
It would be faster to get the source code into eclipse via retyping it than to try and unsign and explode the apk, edit the manifest, fool the tools and sign the package. The tools can be run at the command line anyways and eclipse would just make it harder.
One problem you have is that there are problems in your manifest. The market requires some attributes set in it that you did not need while doing developer builds. You can open up the apk with anything that will open a zip file. You can edit text files with notepad. You package them up with ant by recreating the build.xml by hand. The instructions for signing things is here:
Android Dev-Guide: Signing your Applications
But what a LOT of work... and I am guessing you will need to do this multiple times just for one release to get the manifest right. Then what do you do when you need to update your program?
Will the service not let you export the code in an easy to use way (because... wow... talk about evil)? Failing that cut and paste will save you time but you will almost certainly want to have it in eclipse or some IDE ready to make changes for your market release and build, package and to sign it.
That's not your issue. I suppose you compiled your app and now you're trying to publish it in the market. To do that, you need a private key whick in turn requires you to have a android market developer account.
Normally you can develop your app and install it into most devices but you can't submit apps to android market without a developer account.
If what you really want is only to import your app to eclipse, I suggest you to create a brand new android project and copy everything into it. It's easier and faster than adjusting everything!