1

There is the following problem:

1) I have to use my own distribution service to give new builds of the app to testers (no way to use HockeyApp, etc.)

2) I want to give a unique APK file to each tester. But it is not possible for me to compile ~3000 APK files for every new build of the application.

So I want to add some kind of ID to the APK file without recompiling it.

(I need it to identify whether some user shares this APK file somewhere on the web without my permission.)

Example:

User downloads the .apk file from my site => uploads it to some forum/website => I see that somebody has shared my app on the web => I download the APK from that forum/website => I identify who shared it (via the unique ID of the APK)

2 Answers

0

That is not going to be easy because all files of your APK are covered by the signature, so anything you add will have to be somewhere else.

You could try modifying the zip comments of the APK (if you can find a library that allows you to do that -- maybe "apkzlib"), I'm not sure if this part is covered by the signature.

Alternatively, you could try adding a file to the APK that is not referenced in the zip central directory (a "ghost file" in a way, it wouldn't exist for most zip tools), maybe the signature doesn't cover those either, but I haven't verified. This solution also requires good knowledge of the zip format to implement it.

Note as well that if this can be done without touching the signature, it can also be removed without touching the signature... so if one of your testers finds out about this, they could remove it. But I guess it wouldn't be trivial to do, so that might be sufficient anyway.

Pierre
0

There are two constraints:

Luckily, signing an APK takes only a few seconds and should be feasible for 3k APKs.

So you can write a script that writes the ID to a file within the APK (which is basically a .zip file) and signs it afterwards. See "Can I re-sign an .apk with a different certificate than what it came with?"

See https://developer.android.com/studio/publish/app-signing#sign-manually on how to sign from command line.

leonardkraemer