9

I'm trying to sign an APK for publishing on the Play Store that was originally built with Cordova and Ionic. Now, after going through the steps:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore release-key.jks android-release-unsigned.apk xxxxxx
zipalign -v 4 android-release-unsigned.apk HelloWorld.apk
apksigner verify HelloWorld.apk

I then get the error when I verify using apksigner as follows:

WARNING: META-INF/services/com.google.protobuf.GeneratedExtensionRegistryLoader
not protected by signature. Unauthorized modifications to this JAR entry will no
t be detected. Delete or move the entry outside of META-INF/.

Will this matter at all? How could I resolve this problem? Is there anything I've done wrong in my build?

Cœur
  • 37,241
  • 25
  • 195
  • 267
user7722867
  • 478
  • 3
  • 17

2 Answers2

0
  1. Extract the APK
  2. Delete every file inside META-INF/
  3. Zip the entire contents as .apk
  4. Sign the above APK now without any error.
garnet
  • 551
  • 5
  • 12
  • Where the directory of META-INF/ ? I am facing this issue :( Need to publish asap – Zubli Quzaini Apr 11 '18 at 15:16
  • Once you extract the apk using any zip utility (e.g: 7-Zip in Windows) to a folder, you will find the META-INF folder inside the unzipped folder. – garnet Apr 15 '18 at 16:34
0

Just obfuscate META-INF/* with proguard, dexguard or similar tool

Amit Kaushik
  • 642
  • 7
  • 13