Is it possible to inject an app into another after installation process?
Consider the following example: Device D is rooted and the Android version is >= 5, which means it's using ART.
App A gets installed via "adb install App_A.apk". At first startup dex2oat gets called and creates the .oat file for app A. My goal is now to inject App B into App A so that App B gets started instead of App A. For another reason, the .oat file of App B gets "crosscompiled" for the device D. What parts of App A now need to get exchanged by App B to get it to work?
I guess the following steps are necessary, still the app crashes when I am trying to start it:
- use the same package name "com.example.app"
- use the same application name
- Exchange AndroidManifest.xml
- Exchange/Add res and lib folders and resources.arsc
- Exchange the .oat file
- Use the same key for signing the final apk (in /data/app/App_A/base.apk) after exchanging the parts above
To my understanding, "classes.dex" should not be needed, because the oat file is already present. So in theory, it should also work with a broken classes.dex?
What am I missing here? I also tried to monitor what Android does when starting an app (which files are touched and so on) but could not really get behind the scenes :( I would appreciate every kind of help. Thanks a lot!
Regards