Re-sign an Android Apk

Question

How can I Re-sign an android apk. I referred to this answer Can I re-sign an .apk with a different certificate than what it came with?

but got stuck with Android Manifest.xml missing error.

at which step? also, are you sure the manifest is still in the apk? — njzk2, Aug 19 '11 at 09:51
Sounds like you deleted AndroidManifest.xml from the root of the APK file, rather than only the META-INF . Just like the original question says. — Blundell, Aug 19 '11 at 10:12
possible duplicate of [Can I resign an .apk with a different certificate than what it came with?](http://stackoverflow.com/questions/3267216/can-i-resign-an-apk-with-a-different-certificate-than-what-it-came-with) — Blundell, Aug 19 '11 at 10:12
Detailed Flow: 1.converted apk to zip form. 2.Removed all files from META-INF ,remaining files(lib,res,AndroidManifest,classes.dex,resources.arsc) 3.zipped the file back to .apk 4.Used jarsigner to sign the apk (output adding: META-INF/MANIFEST.MF adding: META-INF/ANDDEV_K.SF.......) 5.Tried Installing the apk on the emulator then I got (Android manifest.xml is missing in the apk) — neeraj, Aug 19 '11 at 11:44
You can also try this http://stackoverflow.com/a/15786087/700869 — Aksel Fatih, Apr 12 '13 at 19:57
Possible duplicate of [Can I re-sign an .apk with a different certificate than what it came with?](https://stackoverflow.com/questions/3267216/can-i-re-sign-an-apk-with-a-different-certificate-than-what-it-came-with) — Peter F, Jan 07 '19 at 14:52

score 27 · Answer 1 · edited Oct 23 '12 at 12:54

27

Friends I found a work around to this . Resign Android Apk using android default debug.keystore.

**Open the apk in the winzip browser and not by unzipping to a folder.
Delete META-INF folder .zipping again is not required.**

Jarsigner -verbose -keystore debug.keystore yourapk.apk aliasname

**Example** `-Jarsigner –verbose –keystore debug.keystore androiddebugkey.`

jarsigner -verify yourapk.apk
zipalign -v 4 yourapk.apk signedapk.apk

Step 1 and 2 was where I was doing wrong which gave me androidmanifest xml missing error.

edited Oct 23 '12 at 12:54

Anupam

7,966
3
41
63

answered Aug 25 '11 at 11:47

neeaj

271
2
2

After the step 3 I get a message "jar verified." and Warning: This jar contains entries whose certificate chain is not validated. How do I overcome this warning??? – EnthuDeveloper Dec 15 '11 at 04:37
jarsinger argues on self-signed certificates. You can avoid this warning if you use certificate received from Verisign, GoDaddy or any other CA. – Andrey Starodubtsev Apr 19 '12 at 16:51
The default password for alias androiddebugkey is "android" – Nizam Mohideen Sep 29 '15 at 15:44
You should be using the zipalign tool – Nick Turner Jul 16 '21 at 20:07

Vihana Kewalramani · Answer 2 · 2013-03-14T14:44:24.740

5

Downgrading to JDK 1.6.0_43 solved the problem.

To sign apks using JDK 1.7 one has to use these keywords "-sigalg MD5withRSA -digestalg SHA1"

Reason: As of JDK 7, the default signing algorithim has changed, requiring you to specify the signature and digest algorithims (-sigalg and -digestalg) when you sign an APK.

Command: jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore [keystorefile] [originalapk] alias_name

edited Mar 14 '13 at 14:44

answered Mar 14 '13 at 11:14

Vihana Kewalramani

915
11
14

why downgrade when you can just use `jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore [keystorefile] [originalapk] alias_name`? – Alex Martian Mar 05 '16 at 19:28
FYI md5 was completely phased out by Oracle and is no longer supported https://blogs.oracle.com/java-platform-group/oracle-jre-will-no-longer-trust-md5-signed-code-by-default – Gi0rgi0s Feb 16 '18 at 16:16

Re-sign an Android Apk

2 Answers2

Linked