1

I have been trying to install and test this apk that a developing company has been sending us.

They claim that they have tried it in several phones without problems, but I could not get it to install here (netiher in a phone nor emulator). If I try it using the adb tool i get the error Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES].

I've seen the Q&A Failure [install_parse_failed_no_certificates] when attempting to install APK to the emulator and tried to follow the steps there, but then I start having INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES without uninstallation error instead...

When running the jarsigner to verify the app: jarsigner -verify -verbose -certs apkname.apk I get a long list of files with sm before them and the certificate information like below:

sm      2200 Wed Sep 05 17:37:40 CEST 2012 res/drawable-mdpi/icon.png

  X.509, CN=Android Debug, O=Android, C=US
  [certificate is valid from 1/9/12 6:42 PM to 5/27/39 7:42 PM]

except for 4 files and I also get the following warning:

Warning: This jar contains unsigned entries which have not been integrity-checked.

Is there any way that I can force the install of the apk despite those unsigned entries?

If not, what could be the reason why they can install and I cant? I saw this other Q&A What is INSTALL_PARSE_FAILED_NO_CERTIFICATES error? where some people mention the jdk version, however I am not sure if this would apply here as they are the only ones generating the apk and they can install it.

On the top of that, are there any reasons why they would build the application and a few of the files would not be signed?

Unfortunately, I do not know much about their process...

Community
  • 1
  • 1
Thomas
  • 2,751
  • 5
  • 31
  • 52
  • Have you uninstalled any previous versions first? – David Wasser Feb 03 '14 at 15:10
  • they do not even install. But still I have tried flushing the VM to be sure that there was nor previous version installed and running `adb uninstall` with the apk name, package name and application name. But all the adb uninstall attempts would return an error: "failed to uninstall" – Thomas Feb 03 '14 at 15:17
  • It doesn't particularly sound like they know what they are doing. But if you are *sure* you want to run this (and that they authorize you to do what you need in order to) you could just strip out their incomplete signing and resign the whole thing with your own key. – Chris Stratton Feb 03 '14 at 16:38
  • Hi Chris, how could I do that? Calling the zipalign and keytool as in [here](http://stackoverflow.com/questions/15636396/failure-install-parse-failed-no-certificates-when-attempting-to-install-apk-to) led me to `INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES` error, which seem coherent as I end up re-signing the apk. I tried using this [Virtuous Ten Studio](http://www.virtuous-ten-studio.com/index.php/downloads) tool to open the apk and generate a new one. I was able to install the new apk, but it crashed when I tried to run it. – Thomas Feb 03 '14 at 16:47

1 Answers1

1

Wow that has been a crazy issue! What happened was that the e-mail server anti-virus opened the apk, replaced the a mp3 resource file for the same file with the extension ".txt" and then zipped back the apk... It left a message inside the txt saying that the file was considered harmful, but as the antivirus did not inform in the email that the file has been changed, it took very long for this possibility to come to my mind...

Well, for the reason above all the files were signed except that the 3 certificate related files:

   META-INF/MANIFEST.MF
   META-INF/CERT.SF
   META-INF/CERT.DSA

and the .txt created by the antivirus...

Thomas
  • 2,751
  • 5
  • 31
  • 52