I need to be able to change out the package name of an existing .apk in order to run simultaneous instances of an Android app I created in Visual Studio using Xamarin. However, I will not reliably have access to the computer with the Xamarin license when I need to change this package name, so I can't simply edit the manifest pre-build. I tried using ApkTool to unpack the apk, edit the manifest, then re-package and re-sign the apk. However, while I am able to install this new apk on a device side-by-side with the original apk, the new app instance fails to start. I receive the following error:
"monodroid" "No assemblies found in '(null)' or '/storage/emulated/0/Android/data/com.newpackagename/files/.override'. Assuming this is part of Fast Deployment. Exiting..."
I assume this means that somehow changing the package name post-build has lost some link to the assemblies. However, I can find no remaining reference to my original package name even after searching the entire unpacked apk (both folders and within files). So I'd like to figure out how to regain these assemblies to allow my app to run. I understand this is very unusual and it may not even be the right way to go about it, but I need the ability to change my package name without having access to Xamarin. This seems like the most promising solution.
Xamarin relies on storing files, unknown to aapt (Android Asset Packaging Tool), within the final built apk. These files are inserted usually in the assemblies folder within the root of the apk with the STORED compression type so that Xamarin can access the files without decompression.
Apktool used to ignore all files that aapt would ignore. IE. If the file isn't a folder/file of this array
private final static String[] APK_STANDARD_ALL_FILENAMES = new String[] {
"classes.dex", "AndroidManifest.xml", "resources.arsc", "res", "lib", "libs", "assets", "META-INF" };
than Apktool would ignore it. However, an attempt was made during development of 2.0.x to include these unknown files.
A bug with the Java 7 NIO library caused all "unknown" files to be stored as DEFLATED. This changed the storage format of the DLLs from STORED to DEFLATED thus this error.
This error was fixed on March 25 - https://github.com/iBotPeaches/Apktool/commit/628286c022e3a872d6ab6bfb3431579f98743c25
As of April 8, 2015 - There are no official releases with this fix in it. You may build Apktool yourself though until 2.0.0 Gold is released.
Related
Background info
When uploading an app to the play store that uses a native library its necessary to also upload the native debug symbols to get useful crash/ANR info.
If you upload without symbols you receive the following warning: "This App Bundle contains native code, and you've not uploaded debug symbols. We recommend you upload a symbol file to make your crashes and ANRs easier to analyze and debug."
In the past when uploading apps as .apk files it was necessary to manually upload such debug info. Now using .aab if the native library is built via android studio its possible to set android.defaultConfig.ndk.debugSymbolLevel = 'FULL' at which point when you build a the .aab it will include the debug info automatically, you upload this single file and everything is done/working.
pre-built libraries
However its not always possible/ideal/necessary to build a library inside android studio. Sometimes there are reasons for libraries to be externally pre-built and just used by android studio not built by it; Android studio supports this via a directory structure which is described here https://developer.android.com/studio/projects/gradle-external-native-builds#jniLibs
In short you just copy the libraries into the correct src/main/jniLibs/{ABI} path(s) and it is picked up and made part of the bundle.
Problem
Android studio can build a .aab that contains debug info that play store can understand so that you don't need to upload it manually.
Android studio can use pre built native libraries if you place them in the right path structure
I am unable to find any documentation or way to do both of these things together, use native pre-built libraries but include their debug info in the .aab. Even though logically it should be possible to do this.
I have searched everywhere I think but can't find anyone even talking about this really, how/where do you place the corresponding debug information so that that also can be included as part of the .aab? Is there a separate path for this, do they just need a specific file extension, does gradle need to be told what to do with them somehow?
Is it really just not possible?
Things I have tried:
Don't split the debug info just leave them in the .so files - play store does not strip them then so you deliver giant debug versions of your builds to your users
Split the debug info into files with .so.dbg extension and place them alongside the .so files - they aren't included in the .aab
Following the instructions (here https://support.google.com/googleplay/android-developer/answer/9848633 and elsewhere) to manually zip and upload the symbols after uploading the .aab - this appears to work but isn't the same convenience wise as having them in the .aab
I've tried building a sample app with android studio building a lib instead of using a pre-built lib just to verify that it does then include the debug info and what file extension it uses.
After some more digging I found the task responsible for this is "ExtractNativeDebugMetadataTask" with which some effort can likely be tailored/altered to do custom things here.
However this ended up being unnecessary as while digging into this I discovered that it actually already works.
At least as of now in latest gradle versions (not sure about the past).
It was only failing due to some NDK path confusion which doesn't fail the build/creation of the bundle building but just logs an easy to miss informational message.
Ultimately all you need to do to make this work is:
Build your external .so files with -g -g3 or similar
Do not strip them in any way
Place them in jniLibs directory structure un-stripped
Configure your build.gradle appropriately android{ ndk { debugSymbolLevel 'FULL' } ndkPath "$projectDir/path/to/NDK" }
Resulting .aab will contain the stripped .so files and the split-debug .so.dbg files all in the right location.
I am particularly new to the Android Security Realm and trying to understand how Android, during installation(and execution) of an apk file, validates its integrity.
Just to try my hands on, I tried recompiling an apk with three .dex files and changing one byte of of the contents in the header section of only one of the classes.dex using a Hex Editor before signing it.
The App installed on the device with almost no complaints but with much shorter time as it usually does.
On trying to run the App, as expected, it crashed complaining it can't find the Application class and the required .dex file isn't present in the /system/... path.
I want to understand why the App installed successfully in the first place and Android didn't complain of corruption during installation. Also, What are the checks which Android is actually placing during the installation which detects this corruption.
P.S.: I changed one byte in the SHA-1 header of one of the .dex file(classes.dex particularly)
As you found, an invalid dex file won't cause installation to fail. Typically, as part of the installation process, art will optimize and compile the dex file - the result of which is an oat file. It's during this process that the dex file is checked for integrity.
You can take a look at art's source to see what kinds of verification it performs on the dex file. See e.g. here, but elsewhere as well.
I need to upload a .apk but it exceeds the 50 MB limit.
I read about this on documentation and some questions but I'm having difficulty making this work.
Does anyone have some tutorials that explain how to do this (using Android Studio) and if there is some way to use Gradle to do this?
I've done this on a few projects, but I never figured out a simple way. The instructions at
http://developer.android.com/google/play/expansion-files.html
helped me get my head around the basics, but I found parts of the process (like "android update project") didn't work properly with Gradle.
The instructions below will help you set up your project with the required libraries. After that you can go back to the official docs and figure out what to do with all the stuff you just included.
Add these permissions to AndroidManifest.xml
<uses-permission android:name="com.android.vending.CHECK_LICENSE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES"/>
Add Play Services dependency to build.gradle
dependencies {
compile 'com.google.android.gms:play-services:4.0.30'
}
Open SDK Manager and install Google Play APK Expansion Library and Google Play Licensing Library.
Copy java source files from these folders into your project's source/main/java folder:
YOUR-ANDROID-SDK-FOLDER\extras\google\play_apk_expansion\zip_file\src
YOUR-ANDROID-SDK-FOLDER\extras\google\play_apk_expansion\downloader_library\src
YOUR-ANDROID-SDK-FOLDER\extras\google\play_licensing\library\src
Open
YOUR-ANDROID-SDK-FOLDER\extras\google\play_apk_expansion\downloader_library\res
Copy drawable-hdpi, drawable-mdpi and layout into your project's source/main/res folder.
For all files in the values folders, merge content from the file into the matching file in your project.
Create a class which extends android.content.BroadcastReceiver
Add something like this to your manifest:
<receiver android:name="mypackage.MyReceiver"/>
Create a class which extends com.google.android.vending.expansion.downloader.impl.DownloaderService
Add something like this to your manifest:
<service android:name="mypackage.MyDownloaderService"/>
Compile the project and look for errors relating to
import com.android.vending.expansion.downloader.R;
Import your own project resources here instead.
Here is some helfull information for people that end up here in this post since there are some things that changed in the way apk expansions work and also if you are using Android Studio to make the libraries work. So you will need the play services library and the downloader library. (and also the zip tools if you want to use a zip as expansion file and read files and movies directly from the zip without unpacking).
With these libraries it's pretty easy to implement the apk expansion download just make sure:
your activity (the one where you want to implement the downloading
of the expansion pack when the downloading has not been done
automatically) implements IDownloaderClient.
you set up the service & receiver and set them up in your manifest.
The BASE64_PUBLIC_KEY in the service class is correct. Upload the
first apk => look in Services and API's in the developer console
under your app => License code for this app.
This code is used to see if the expansion file can be found on the device:
boolean expansionFilesDelivered() {
for (XAPKFile xf : xAPKS) {
String fileName = Helpers.getExpansionAPKFileName(this, xf.mIsMain, xf.mFileVersion);
Log.i(TAG, "Expansion filename " +fileName);
if (!Helpers.doesFileExist(this, fileName, xf.mFileSize, false))
return false;
}
return true;
}
It uses the class XAPKS wich represents an expansion file, be it either a main or patch file, having a certain filesize(bytes) and associated with a apk version (the one it was first added in).
private static class XAPKFile {
public final boolean mIsMain; // true
public final int mFileVersion; //example 4
public final long mFileSize; //example 126515695L
// example => main expansion that was first introduced in apk version 4 and is 126515695 bytes in size
XAPKFile(boolean isMain, int fileVersion, long fileSize) {
mIsMain = isMain;
mFileVersion = fileVersion;
mFileSize = fileSize;
}
}
Its also quite easy to read movie files and other stuff directly from the expansion file using the zip tools that google has provided (com.android.vending.zipfile).
First get the expansionfile using the methods provided in the library, the paremeters are integers that represent your main expansion apk version (the apk version where the expansion pack you need was first added) and the patch apk version.
ZipResourceFile expansionFile = APKExpansionSupport.getAPKExpansionZipFile(context, APKX_MAIN_APK, APKX_PATCH_APK);
Video
For playing video directly from this zipresourcefile:
AssetFileDescriptor a = expansionFile.getAssetFileDescriptor(pathToFileInsideZip);
Now from this assetFileDescriptor you can get a FileDescriptor and use this in your mediaplayer, the correct syntax to get your mediaplayer to play the video also needs the second and third parameter.. Be it the startoffset and length you can get from the AssetFileDescriptor.
player.setDataSource(a.getFileDescriptor(), a.getStartOffset(), a.getLength());
Other
For all the other stuff (like images) you can just get an inputstream of the zipresourcefile:
expansionFile.getInputStream(pathToFileInsideZip);`
ALSO make sure you don't compress the videos in the zip for this to work!
for example not to compress .mp4 files:
zip -n .mp4 -r zipfile.zip . -x ".*" -x "*/.*"
NOTE 1
You can't use draft anymore as the link to get the expansion file won't be active yet. You have to upload a version to Alpha or Beta first with expansion file. (adding an expansion file is only possible from the second apk you upload and up) So make sure you see the apk expansion file listed when you click the details in the developer publish section under APK.
NOTE 2
If you are using android studio and want to make use of the downloader library don't just copy the package name and java files into your own app src directory. Import the downloader library in eclipse and choose export => gradle build files. Afterwards you can import the library as a module in android studio.
NOTE 3
Not sure of this but I also think it's neccesary to download the app atleast once through the play store and have access to it with the account on your test device. So if you are working with alpha create a google+ test group and add yourself or other test devices to it.
I have just succeeded in making an app that uses the expansion files with Android Studio. Doing this is a monumental challenge. My first advice is that if you just want a big app, make it for an Apple product. Apple accommodates large apps very nicely. On the other hand, Android has made it nearly impossible to make an app larger than 100Meg.
If you do wish to make a big Android app, first get the app working. But do not release any version of the app with a compileSkdVersion larger than 22. Later, I explain that the expansion libraries don't work with a later version so your final app must be version 22 or less. If you do release a later version the Google Store will not let you go back to version 22. In that case, abandon your app identifier and make a new app using version 22.
The libraries and code that you need can be obtained thru tools->android->SDK Manager". On the SDK Tools tab select and load Google Play APK Expansion library and Google Play Licensing Library. At the top of SDK Manager window note the Android SDK Location: field. After the download you can find these files in your SDK directory under extras/google. At this point the directories you are interested in are called market_apk_expansion and market_licensing.
Android documentation on the expansion files give you instructions for linking these libraries into your project. I have spent hours attempting make this work. Generally, Android Studio does bad things. First, it never seems to give error messages when what you enter is not right. Both of the times I got the expansion files to work I incorporated the libraries into my app and did not use the library features of Android Studio. However, putting the libraries into your app is not easy.
First, I should explain that these libraries are old and do not work with the latest SDK versions. I was able to get the libraries to work with a compileSdkVersion of 22. (See build.gradle for the module:app.) The targetSdkVersion should be 22. And under dependencies you should have compile 'com.android.support:appcompat-v7:22.2.1'. This will allow you to use the DisplayWebpageActivity.class. I think this was added in version 23 but it seems to work in this version of 22. I also have added compile 'com.google.android.gms:play-services-appindexing:8.1.0' but I do not know if this is necessary.
In my opinion there is no hope for ordinary people to write the code necessary to download an app. I used the code from the sample that is included in the "extras". You find this sample at /extras/google/market_apk_expansion/downloader_sample. What you need to do is to make this sample app (which does nothing but load the .obb files) be the opening page of your app. Add an Intent to the sample program so that it calls the real first page of your app when the .obb files are present.
The sample program consists of a "res" directory and three .java files. You need to put the three .java files into your main java directory. Change the name of the "res" directory (to "res2") and put this into the same directory that contains your normal "res" directory. To get Android Studio to recognize both "res" directories you add the following to your "build.gradle (Module:app)" file:
sourceSets {
main {
res.srcDirs = ['src/main/res']
res.srcDirs += [ 'src/main/res2']
res.srcDirs += [ 'src/main/res3']
}
}
The above is in the android { } section. The "res3" will come from the libraries.
All of the package names and some of the includes in the three .java sample files must be fixed to match your package name. In "res2" there will be an app name that conflicts with your app name, so delete it. You must fix your manifest so that it starts to execute SampleDownloaderActivity. And fix SampleDownloaderActivity so that it call the start of your app when the .obb files are there.
The Android documentation suggests that you make your .obb file a zip archive. I did this with my first expansion file app. For my application this did not work well. I had lots of small images. These images were already compressed (.jpg). Accessing any image was slow so I ended up making a poorly performing app.
In the second expansion app I used the "patch" file for a directory and put the photos into the "main" file. To access a photo the patch file is read and put into a dictionary that contains photo names, locations and lengths. This lets the app find where an image is in the main file, which is treated as a random access file. The photos that I need are copied into the storage for the app and given their proper names (xxx.jpg). The photos are then accessed inside of HTML code.
The two libraries are also integrated into the app. There is a "res" directory that is renamed to "res3" and put into the same directory as the regular "res" directory. In my app/src/main/java/com/developer/app_name directory I added a "downloader" and "licensing" directories. I wrote a program to move the libraries into their directories while fixing the package names and other occurrences of the original package name. The program only got some of the names that needed to be changed. Keep working on getting all these names fixed while ignoring some other kinds of errors. Many things that reference the "res3" directory did not work until I added an import statement like this:
import com.developer.app_name.R;
In the licensing library the LicenseChecker.java file contains code that will crash in SDK version 22. You must fix this code or use an older SDK version. Go to around line 150. Comment out the code that starts with boolean bindResult = mContext to Context.BIND_AUTO_CREATE);. Replace it with the following:
Intent serviceIntent = new Intent(
new String(Base64.decode("Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U=")));
serviceIntent.setPackage("com.android.vending");
There are a couple other errors in the library where Android Studio gives good suggestions on ways to fix them.
During debug you can manually put the .obb files into your device. On my Android this is done in Nexus 5/Internal storage/Android/obb where I make a folder called com.developer.app_name. I have discovered that what I see on my computer is not always what is in the device. Sometimes I must power the device off and on in order to see what is actually there. I spent lots of time trying to understand why the app could not find the .obb files when I could see them thru the computer. In fact, the .obb files were not there.
After you app works in debug with and without the .obb files, and without the .obb files it tells you that they can't be obtained from the store, it is time to take the app to production in order to finish testing it. If this is the first upload to the store the upload software fails to ask for the .obb files. So upload your app. Then, before attempting to release it, change the load number and version number and upload it a second time. This time it will ask for the .obb files.
Add them as a modules , Or import them in eclipse as a libraries ,go to Android studio and import non android studio project .. Go to Project Directory
When I right click on a project on Eclipse and click on "Run as Android App", does it have a different build process then Ant builds?
Currently I am working on an app that uses another project as a library dependence. Everything compiles fine and the app loads, but when I try to use the functionality the library provides, problems come up. The library has a checksum file to verify that the library resources are loaded correctly. When I build to my phone from Eclipse, this check passes. But when I use my ant build, the resource check fails.
I have compared both apk results (diff -rq ant/ eclipse/) and my differences are as follows:
Files ant/AndroidManifest.xml and eclipse/AndroidManifest.xml differ (this is expected)
Files ant/META-INF/CERT.RSA and eclipse/META-INF/CERT.RSA differ
Files ant/META-INF/CERT.SF and eclipse/META-INF/CERT.SF differ
Files ant/META-INF/MANIFEST.MF and eclipse/META-INF/MANIFEST.MF differ
Files ant/classes.dex and eclipse/classes.dex differ
Files ant/resources.arsc and eclipse/resources.arsc differ
I suspect resources.arsc may be causing the problem. The size of these files are only 8 bytes different.
I'm lost on this, anyone have an idea of why this is happening. I've tried deleting the checksum file, but the library won't work without it.
I am developing an android email client application and Calling webservices using ksoap2 library and also writing some encryption algorithm to encrypt data in my client.
In some websites I have read "It is possible to decompile the apk using some decompilers". (i.e.) get the source code from apk file.
But I want to secure my code. Don't show the encryption algorithm code after decompilation or don't want to decomplile my apk file. Is it possible to do that? please can you give some suggestions?
Edit the file (in the project root) project.propierties and add the line
proguard.config=proguard.cfg
And its done. When you try to generate the signed apk of your app it will take a little longer and it will be obfuscated.
If you receive the "Conversion to dalvik error" when generating the apk you need to update the proguard of your sdk. For doing it you need to go to the ProGuard page to the download section. Download the last stable version and put it content in
SDK_ROOT/tools/proguard
Deleting the existing content before of course.
You can check the Proguard manual at their page (link is above) and the Android's Proguard page for more info about ProGuard
This process is known as Obfuscating the code.
EDIT:
Steps to get obfusticated apk:
1) Download latest proguard from "http://sourceforge.net/projects/proguard/files/". Current latest version is proguard4.7
2) Replace "bin" and "lib" folder of "C:\Program Files (x86)\Android\android-sdk\tools\proguard" with latest downloaded proguard folders.
3) Check SDK location in eclipse for blank spaces in it and for that go to window > Preferences > Android. If there is blank space then replace it with:
c:\Progra~2\android\android-sdk (for windows 64-bit)
c:\Progra~1\android\android-sdk (for windows 32-bit)
4) Check that proguard.cfg file is in your project's root folder and add "proguard.config=proguard.cfg" in project.properties file of android project.
5) Now export your project to get obfusticated apk.
I hope that it will help.
You must not rely on security through obsurity.
If you feel that the encrypted data would be compromised by the knowledge of the encryption algorithm, then you're NOT doing security.
It will always be possible to decompile any file, if the "hacker" knows how to do so. That's why there are still cracks for paid applications, because people take their spare time to decompile/crack applications. All you can do is to make them have a hard time by using as many tools as you can. The first choice (and that comes disabled by default) is ProGuard