1

I am working on a web page that will allow the end-user to upload .apk files. I need a library/component to check that the files uploaded are valid .apk files. I am looking for something more that the ability to just view the contents.

Thanks in advance...

fredley
  • 32,953
  • 42
  • 145
  • 236
Brian Singh
  • 6,686
  • 4
  • 25
  • 22

3 Answers3

1

How deep a validation do you want?

APK is a renamed ZIP archive. So the first line of validation would be trying to open it as a zip. Then you can check if the Android manifest is there and looks right. Finally, you could try loading Java classes from the files... but you'll need a copy of the Dalvik VM for that, since the Android bytecode format is not that of regular Java.

How exactly do you work with ZIPs and XMLs depends on your back-end platform, which you probably should've specified in question tags.

Seva Alekseyev
  • 59,826
  • 25
  • 160
  • 281
  • 1
    Not going as far as loading classes. But definitely unzipping and checking that all the required pieces for .apk are there. Is there a specification somewhere for what goes into .apk files? As for the manifest is there a scheme available to validate against? – Brian Singh Jan 20 '11 at 16:29
  • http://stackoverflow.com/questions/605325/where-are-the-schemas-for-xml-files-on-an-android-project – Seva Alekseyev Jan 20 '11 at 16:43
  • Just standard stuff on the back-end. java.util.zip and DOM + Xerces. – Brian Singh Jan 20 '11 at 16:50
  • Also, rather than validate the manifest against the schema, I'd just check if the application with at least one activity is there. In general, before implementing any kind of validation, ask yourself this: are you trying to protect against accidental user mistakes or deliberate malicious intent? – Seva Alekseyev Jan 20 '11 at 16:53
1

If you need to do this programmatically, I suggest you to try with zip --check filename or dex2jar filename. In my case it helped to discard invalid apk.

Andrea Alti E Bassi
  • 11
  • 1
1

It is a bit slow for huge number of files, but for single file, this is the fastest and best method possible.

PackageInfo packageInfo = context.getPackageManager().getPackageArchiveInfo(file.getAbsolutePath(), 0);
if(packageInfo != null){
    // you can be sure that it is a valid apk
} else {
    // not a valid apk
}
Nowrose Muhammad Ragib
  • 505
  • 4
  • 10