-6

Possible Duplicate:
Is it possible to decompile an Android .apk file?

I have a question about Android APK signing. Here is a scenario: There is some App on the market. I install it on my device. Extract the APk, decompile it. Then recompile it (making whatever changes i want) , sign it using my keystore and upload it to the Market and basically spoof that App. Is there anything (apart from the App itself checking who has signed the App) stopping someone from doing this?

Community
  • 1
  • 1
TheBlackMamba
  • 1

2 Answers2

2

On the play store every app has a unique package name. So you can't upload an app with the same package name. Besides that you have to agree to Google's agreements(and uploading someones app is definitely against their agreement), so If you want to get sued by the original developer then go ahead...

Ahmad
  • 69,608
  • 17
  • 111
  • 137
  • Firstly, I do not plan to do any of this. This is just to understand if it is possible and understand how the signing process works. so @Ahmad its not possible to do so? And does Google check what the package name of the App is? – TheBlackMamba Dec 04 '12 at 18:03
  • Google checks the package name. But you can change the package name in a decompiled app, it should be a bit tricky, but it's possible. – Ahmad Dec 04 '12 at 18:20
  • Yes Google Play Store does. For instance once you upload an app with a certain package name, you cannot change it w/o creating a whole new app in the market. – Mike Dec 04 '12 at 18:21
0

I'm assuming that you are asking because you are worried about this happening to you, not that you are planning to do this to someone else's app.

You won't be able to use the same package name as an app already in the market. Someone installing your app will not lose the other one. As far as the market is concerned, they are completely different apps. They will need to be published under different publisher accounts, since they are signed by different keys.

If you want to spoof at the surface level (which is all you can do anyway), there's a much easier way. Just write an app that has the same name and description as an app on the market. Someone looking for "Goofy Game" will find your ersatz title along with the real "Goofy Game" app. Caveat emptor.

Ted Hopp
  • 232,168
  • 48
  • 399
  • 521
  • Yes, that's right. I'm trying to understand the whole signing thing. So, if I understand this right. Someone cannot take an app decompile/recompile it, sign it using their keystore and put it on the Market because of a conflicting package name. But I can have an App with a different package name but same name & description. Thanks for your reply. – TheBlackMamba Dec 04 '12 at 18:23