1

I've generated a small test app consisting just of `onCreate()`. I can install it on my emulated Nexus 7 via `adb install` just fine. However, decoding it using `apktool decode` and rebuilding via `apktool build -c` (`-c` to copy signature) yields an apk that cannot be installed:

```
➜  ApkToolTesting  adb install justoncreate/dist/justoncreate.apk
1227 KB/s (1145010 bytes in 0.910s)
    pkg: /data/local/tmp/justoncreate.apk
Failure [INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION]
```

What could be the reason for this failure? Something else must have been lost during the assembly process.

EDIT: probably the relevant logcat output:

```
03-09 17:12:49.129  1946  1958 D DefContainer: Copying /data/local/tmp/justoncreate.apk to base.apk
03-09 17:12:49.167  1302  1326 W PackageManager: Failed collect during installPackageLI
03-09 17:12:49.167  1302  1326 W PackageManager: android.content.pm.PackageParser$PackageParserException: Failed reading res/color/abc_primary_text_material_light.xml in java.util.jar.StrictJarFile@a55736e
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.content.pm.PackageParser.loadCertificates(PackageParser.java:600)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.content.pm.PackageParser.collectCertificates(PackageParser.java:1102)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.content.pm.PackageParser.collectCertificates(PackageParser.java:1057)
03-09 17:12:49.167  1302  1326 W PackageManager:    at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:12196)
03-09 17:12:49.167  1302  1326 W PackageManager:    at com.android.server.pm.PackageManagerService.-wrap25(PackageManagerService.java)
03-09 17:12:49.167  1302  1326 W PackageManager:    at com.android.server.pm.PackageManagerService$9.run(PackageManagerService.java:10156)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.os.Handler.handleCallback(Handler.java:739)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.os.Handler.dispatchMessage(Handler.java:95)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.os.Looper.loop(Looper.java:148)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.os.HandlerThread.run(HandlerThread.java:61)
03-09 17:12:49.167  1302  1326 W PackageManager:    at com.android.server.ServiceThread.run(ServiceThread.java:46)
03-09 17:12:49.167  1302  1326 W PackageManager: Caused by: java.lang.SecurityException: META-INF/MANIFEST.MF has invalid digest for res/color/abc_primary_text_material_light.xml in res/color/abc_primary_text_material_light.xml
03-09 17:12:49.167  1302  1326 W PackageManager:    at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:140)
03-09 17:12:49.167  1302  1326 W PackageManager:    at java.util.jar.JarVerifier.-wrap0(JarVerifier.java)
03-09 17:12:49.167  1302  1326 W PackageManager:    at java.util.jar.JarVerifier$VerifierEntry.verify(JarVerifier.java:132)
03-09 17:12:49.167  1302  1326 W PackageManager:    at java.util.jar.JarFile$JarFileInputStream.read(JarFile.java:117)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.content.pm.PackageParser.readFullyIgnoringContents(PackageParser.java:5113)
03-09 17:12:49.167  1302  1326 W PackageManager:    at android.content.pm.PackageParser.loadCertificates(PackageParser.java:597)
03-09 17:12:49.167  1302  1326 W PackageManager:    ... 10 more
```
  • Running `adb logcat` during the install will provide the real error. `-c` of apktool will probably be removed. Newer versions of Android require a resign of any modification of the application. `-c` just inserts the original `AndroidManifest.xml` and `META-INF` folder into the rebuilt application. These two files/directories used to be the only files in the signature that Android checked. – Connor Tumbleson Mar 09 '16 at 15:25
  • Thanks for your reply. The emulated Nexus 7 runs Marshmallow - so your security hypothesis might very well be correct. I've added the `logcat` output to the post. It seems there is some security issue related to `META-INF`, which makes no sense to me, since `-c` should have just copied the original file, which worked in the first place. – ride_on_the_NOP_sled Mar 09 '16 at 16:21
  • Yes, I fear I'm correct. While Apktool tries its best to maintain a 100% match, this simply isn't possible at times. This means the signatures on the files will change on some during a decode/build scenario. A simple fix is to simply resign the entire application, which might not be an option for you. – Connor Tumbleson Mar 09 '16 at 18:56
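
The check behind the `invalid digest` line in the logcat output, as an added example (not code from the original post or from apktool): JAR (v1) signature verification recomputes the digest of every entry listed in `META-INF/MANIFEST.MF`, so a copied `META-INF` fails as soon as the rebuild changes one resource byte. The helper names and the two in-memory sample archives are constructed for illustration.

```python
import base64, hashlib, io, zipfile

ALGOS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    # Normalise line endings, then unfold continuation lines (leading space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def verify_manifest_digests(apk):
    """Return sorted entry names that are missing or no longer match MANIFEST.MF."""
    bad = set()
    with zipfile.ZipFile(apk) as z:
        present = set(z.namelist())
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name, attrs in manifest.items():
            if name not in present:
                bad.add(name)
                continue
            data = z.read(name)
            for attr, algo in ALGOS.items():
                digest = base64.b64encode(hashlib.new(algo, data).digest()).decode()
                if attr in attrs and attrs[attr] != digest:
                    bad.add(name)
    return sorted(bad)

def make_apk(files, manifest_from=None):
    """Constructed sample: zip `files`, with a manifest computed over `manifest_from`."""
    mf = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in (manifest_from or files).items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        mf += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for name, data in files.items():
            z.writestr(name, data)
    return buf

RES = "res/color/abc_primary_text_material_light.xml"
ORIGINAL = {"AndroidManifest.xml": b"<manifest/>", RES: b"<selector/>"}
REBUILT = dict(ORIGINAL, **{RES: b"<selector re-encoded/>"})  # rebuild changed one file

def demo():
    """(mismatches in the original, mismatches in the rebuild with copied META-INF)"""
    return (verify_manifest_digests(make_apk(ORIGINAL)),
            verify_manifest_digests(make_apk(REBUILT, manifest_from=ORIGINAL)))
```

Passing a path to a real APK to `verify_manifest_digests` lists the entries a v1 verifier would reject; an empty list only means the manifest digests match, not that the signature block itself is valid.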

1 Answer

0

Isn't the -c option valid only on "build"?

Reading the apktool wiki, you can read:

After [d]ecode, there will be new folders (original / unknown) in the decoded apk folder

  • original = META-INF folder / AndroidManifest.xml, which are needed to retain the signature of apks to prevent needing to resign. Used with -c / --copy-original on [b]uild

So I think that the correct syntax for the command is:

```
apktool b -c folder
```

I've never tried that, so I'm not 100% sure.

Luca D'Amico