I've been trying to get the api endpoints and routes of an app from the Play Store, so far I've tried:
Using mitmproxy without root: rejects the user's certificate (https://github.com/mitmproxy/mitmproxy/issues/2054)
Running the app on multiple rooted and non-rooted android emulators: says the integrity check has failed due to rooting or similar. Rooting and installing rootcloack seems not to help.
Modifying the .APK to accept the user certicate using https://github.com/levyitay/AddSecurityExceptionAndroid as said here: https://github.com/mitmproxy/mitmproxy/issues/2054#issuecomment-289206209
I'm getting the APK from https://apkcombo.com/, which downloads a .zip with multiple APKs (com.[appname].app.apk, config.es.apk, ...) I unzip it, run https://github.com/levyitay/AddSecurityExceptionAndroid on com.[appname].app.apk and then I zip it again and try to install it using https://apkcombo.com/es-es/how-to-install/, but it gives me this error: https://i.imgur.com/nUIAsTc.png
I've looked into some tutorials to sign the .apk, but I think I'm doing something wrong as the error keeps popping, sometimes it's another error about a missing certificate.
So, how can I modify the apk to accept the user certificate correctly?
I'm also trying to get the api endpoints by decompiling the app, but the code seems really obfuscated.
Related
I have been developing my app for a while and runing on a real device through Eclipse using Run As -> *Android Application*.
Now I am trying to distibute it to some beta users for the first time.
I used Eclipse to create a signed app, using a new keystore that I generated through the wizard. This appeared to work fine and when I check with Jarsign I get the message "Jar Verified", although there are a couple of warnings too. These are "This Jar contains entries whose certificate chain is not validated" and "Ths Jar contains signatures that do no include a timestamp".
I then copied the resulting apk onto the device and opened it. But got a message "This app was not installed". And in log cat I can see:
"Package has no certificates at entry ; Ignoring!"
I found some people had suggested going back to JDK 6 (I did have 7 previously), but that didn't help.
A few people suggested it might be due to duplicate activities in the manifest so I checked the manifest thoroughly.
What I have found is that if I rename the apk so that it is no longer exactly the same name as the last part of the package it suddenly works.
So if the package is com.mydomain.myapp and the apk is myapp.apk I get the error, but if it's myapp_debug.apk it installs just fine.
I find this very confusing and more than a little worrying. I would like to publish this app for real eventually and I'm not sure if I've done something wrong.
Based on your renaming makes it work description, you already have an app with the same package name installed on the device, but signed with a different certificate (probably the debug certificate used for eclipse-launch installs).
You must simply remove the existing installation before you install your release version. You can do that either from the settings menu, or with an ADB command of the form
adb uninstall your.package.name
Note that this removal will wipe out the private data stored by the app - that's part of why you have to do it, to prevent an imposter (naturally having a different certificate) from easily grabbing data left behind by a real app.
Remember also when distributing apps to others in this manner that they will need to allow unknown / non-market sources in their settings menu.
When I'm away from my computer, I like to use TeamViewer to access it and work on my Android apps. I save unsigned .apk files to my Google Drive so that I can test them while on the go, too. I download the .apk files to my Android device through the Drive app, but I'm having an issue.
When I go to install the App after downloading it from Google Drive, Android asks me if I'd like to install the App. When I click yes, it begins the install process but then exits with an "App Not Installed" error. There doesn't seem to be any other indication of what happened.
I've tried this with several of my .apk files, but they all give me the same issue. If it helps, these are apps I've previously downloaded by running the app with my android device plugged into my computer. I made sure to uninstall the app before trying to install it through the .apk file. I'm testing on a Google Nexus 7 32GB.
Any help would be much appreciated. Thank you!
To me, it sounds like you are trying to install an APK that is signed with a different certificate than the one installed on the device.
Run logcat, and you will see a message with information on exactly what is happening.
Have out tried installing your unsigned APK through ADB? This should let you see any errors there are in installing that APK, such as security settings.
According to a now-deleted(?) comment, you were trying to install an unsigned APK.
Alas, you cannot install an unsigned APK. Android -- emulators and devices alike -- only run signed APKs.
What comes out of the normal development process is an APK signed with the debug signing key, not an unsigned APK. There is a concept of an unsigned APK, but you have to go out of your way to create one normally, and it's usually just an interim step en route to signing it.
I has build an .apk with a server but I can't install it on a android device keytool:
INSTALL_FAILED_NO_CERTIFICATES
How can I publish my application without certificate ?
You can't. No app store will let you upload an unsigned apk, and even if they do, no Android device running an unmodified version of Android will let you install the apk without a signature.
This is why even eclipse uses a debug certificate to sign your app during the development process. Additionally, certain APIs and libraries like Google Maps will not be usable without a signed binary.
It is not difficult to do. Here is a link with just about everything you need.
If you want to upload it to any appstore, you can't.
If you want to send it to people that knows you and trust you, it can be done...
On the end user phone system menu, choose Settings/Applications/Unknown sources, then install from SD card, file attached to an email or any other source
You can self sign your application as explained here: http://www.androiddevelopment.org/tag/apk/
I do understand that a .apk file is created in the bin folder of an android project, when the project is run.
I have a question about this: is it possible that there would be any difference in the functionality of an app installed via eclipse (as in connecting the phone to the computer and uploading and installing the app on the phone) versus installing the app by downloading a .apk placed on a secure server?
The reason I ask this question is that I usually put up the .apk file on a secure server and the testing team downloads and installs the app for testing purposes. The testing team has started to report app crashes when accessing this app. However, I don't seem to be seeing the any such problems (even while replicating the same scenarios) with the app when I install it on the phone via a cable connected to the computer.
You might be falling into a caching issue. Make sure you get the QA team a new filename of the apk on the server to ensure that they never get a cached apk when downloading it. Also maybe create a md5 sum of the apk locally and run md5 on the apk on the server after upload to ensure it is the same.
e.g. use
md5 yourapk.apk > yourapk.md5
on your machine and the server..
Most likely you QA team has found issues that are specific to the device or Android platform version they test with. Try with your apk with the same hardware in your dev environment.
I don't see how that would possible. The Eclipse ADT plugin just calls the executables in the specified Android SDK location on your hard drive and the .apk gets generated only once when you use Eclipse to install the application to your plugged phone.
Unless you're packaging the two versions in a different way, that shouldn't be possible. My guess is that your testing team has just found bugs specific to the runtime environment (the phone). Maybe a different version of Android, conflicting custom ROM, etc.
No, there is no difference , if the apk on the secure server is as latest as you have on your computer.
I would recommend you to clean your project before uploading the apk to the server.
Regarding the crashes, i guess there are some location based problems.
Also check if you are uploading the apk from your workspace. or some other older version which is located in different place that you are not using anymore.
I am building an app using Eclipse. I got it to work on my device and I am trying to distribute it to a couple friends for them to test it on their phones, but I send them the same .apk I installed in my N1 and they aren't able to install it.
I tried sending them the version from inside the bin/ folder, extract it as an unsigned application or as a signed one, with the same results.
My SDK target is 1.6, so this isn't a problem, because both of them have 2.1+.
The main problem for me is that I have to test the application on real devices, since the emulators don't surf the net if I am connected to Internet through a proxy.
I use a Google keytool because I am using some Maps functionality, so I think that it could be in some way the source of the error, but I don't know what I have to do to fix this. Is it possible that the key is only valid for my device?
I thought that maybe the .apk wasn't working and I could only install it through my USB cable, but I was able to install my app from the same e-mail I sent to my friends.
Thanks in advance!!
Edit: I finally got hold of a friend's device and the error I got was the following, although I was able to install the app via Eclipse (USB cable).
WARN/PackageInstaller(3317): Parse error when parsing manifest. Discontinuing installation
But if the manifest was wrong, I wouldn't be able to install and run the app, right?
The Google Maps api has both debug and release keys. So if you are using a debug key and generate a release apk, then the Maps api key will be incorrect and your map won't load any tiles.
You should make sure you are using the Maps Api key generated from your release keystore, and export the app in release mode.
whats the logcat output when the instalation fails ?
you can connect to the device using a usb port or use a logcat app from the market