I am not sure whether my approach is valid or not, but I am trying to sign my APK by copying the signature files of an already signed APK, as I don't have a valid keystore to sign my APK.

I believe the signature of a signed APK lies inside the META-INF folder. I can retrieve it by unzipping the APK file. It did not work when I copied the META-INF folder to the unsigned APK by using 'apktool'. I am getting an Invalid APK error during installation, and JarSigner is telling me 'no manifest' and 'jar is unsigned'.

Please correct me if there is anything wrong or suggest a better approach.

Venugopal

You cannot sign an apk in this way, but you can un-sign it! [See here](https://kbdeveloper.qoppa.com/removing-a-signature-from-a-signed-jar-file/). [Here's](https://stackoverflow.com/questions/47167769/hello-world-android-app-with-as-few-files-as-possible-no-ide-and-text-editor/47251607#47251607) how to manually sign an apk. – Jon Goodwin Nov 23 '17 at 00:50

2 Answers

Is it possible to sign APK by copying signature files inside META-INF folder of signed APK

No. That is not how digital signatures work. A signature is calculated based on the content of the file being signed, as well as the signing key.

CommonsWare

You cannot do this unless the APK content is already the same (in which case it is not useful).

The signature in the original APK validates that the "files" in that APK have a certain "checksum" (MD5 and/or SHA1). The "checksum" in your new APK is different, so the signature does not correspond to that "checksum" and it would be invalid.

le_top
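
An added example (not part of the original question or answers) of the digest check described in the answer above: a META-INF manifest copied onto different content no longer matches the files it lists. It models only the per-file digest listing in META-INF/MANIFEST.MF, using SHA-256, and leaves out the key-based signature over that listing and manifest line wrapping; the function names and file contents are constructed for illustration.

```python
import base64, hashlib, io, zipfile
MANIFEST = "META-INF/MANIFEST.MF"

def digest(data):
    """Base64 SHA-256, the form used in a JAR manifest's SHA-256-Digest attribute."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_apk(files, manifest=None):
    """Build an in-memory ZIP from name -> bytes; optionally add a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
        if manifest is not None:
            z.writestr(MANIFEST, manifest)
    return buf.getvalue()

def make_manifest(files):
    """One Name / SHA-256-Digest section per entry (line wrapping omitted)."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest(data)}", ""]
    return "\r\n".join(lines).encode()

def verify(apk):
    """Return a list of problems; an empty list means every entry matches."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        if MANIFEST not in z.namelist():
            return ["no manifest"]
        expected, name = {}, None
        for line in z.read(MANIFEST).decode().splitlines():
            if line.startswith("Name: "):
                name = line[len("Name: "):]
            elif line.startswith("SHA-256-Digest: ") and name:
                expected[name] = line[len("SHA-256-Digest: "):]
        problems = []
        for n in (x for x in z.namelist() if not x.startswith("META-INF/")):
            if n not in expected:
                problems.append(f"{n}: not listed in manifest")
            elif expected[n] != digest(z.read(n)):
                problems.append(f"{n}: digest mismatch")
        return problems

# Constructed sample contents, not taken from any real APK.
ORIGINAL = {"classes.dex": b"original code", "AndroidManifest.xml": b"<manifest/>"}
MODIFIED = {"classes.dex": b"modified code", "AndroidManifest.xml": b"<manifest/>", "assets/new.bin": b"x"}
copied = make_manifest(ORIGINAL)            # the META-INF content of the "signed" APK
signed = build_apk(ORIGINAL, copied)        # manifest matches its own files
transplanted = build_apk(MODIFIED, copied)  # same manifest bytes, different files
```

`verify(signed)` returns an empty list, while `verify(transplanted)` reports the changed and unlisted entries.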