0

So I have a debug APK produced by Gradle. I used zip tool to unpack it: unzip debg_app.apk -d some-folder

After that I have packed it back into apk using zip command: zip -r new_debug_app.apk some-folder

When I try to install the new APK (via adb) it gives an error:

base.apk is signed using APK Signatur e Scheme v2, but no such signature was found. Signature stripped?

Does anybody know if repackaging APK breaks the signature? And if so - is it possible to avoid it?

Lino
  • 5,084
  • 3
  • 21
  • 39
Sheroz Nazhmudinov
  • 43
  • 5
  • 1
    Yes, modern APK signature v2 and v3 are invalidated by unzipping and refilling an APK. Use apksigner from Android SDK to sign the repackaged APK. – Robert Feb 24 '23 at 22:38

1 Answers1

-1

Yes, you set the point. APK is a file that have been packaged with full signature. In detail, signature is signed all over the apk file. So when the apk file size is changed even a byte, the signature will be broken. The solution is to sign the repackaged apk again using some apktool like software. You can see the article here.

Kitty Kagaya
  • 1
  • 2
  • "using some apktool like software" is not very helpful. Also the linked question and it's answers are just the opposite of what you wrote because most answers are answers about Jarsigner which only signs the file content of the APK and not the overall APK file as you wrote. That is only done by apksigner from Android SDK. – Robert Feb 24 '23 at 22:35
  • I did it millions of times. All apk files were signed so I could install it on my phone. – Kitty Kagaya Feb 24 '23 at 23:19