How to resign a .apk file.

book

Article ID: 178751

calendar_today

Updated On:

Products

Mobile Management

Issue/Introduction

 

Resolution

How to prepare a .apk file for resigning:

Open up the .apk file in an archive manager and delete the entire META-INF directory with all of its contents.

Ensure that the archive is saved upon closing it back up and keep the file extension as a .apk.


How to generate a keystore:

A keystore can be created by using the following command on a computer running OSX:

# keytool -keystore clientkeystore -genkey -alias androidclient

This will create a keystore named 'clientkeystore' with the alias of 'androidclient'. During the keystore generation process, various bits of information that include a name, company, and physical location are collected. It is sealed with a password that will also need to be input in the execution of the signapk.sh script.


How to resign a .apk file:

The process to perform the task of re-signing a .apk file with a new keystore is outlined below and run from a computer running OSX:

# ./signapk.sh application.apk keystore key-pass alias

The parameters of the signapk.sh file are as follows:

parameter 1: .apk file to be signed
parameter 2: keystore location
parameter 3: keystore password
parameter 4: key alias

The above process signs the APK with the new key.

Below is an example of signing a stock application with your own android debug key

Test Application, "test.android.application" applicaion.apk

./signapk.sh application.apk ~/Desktop/keystore changeit testapp
This process creates a file named signed_application.apk in the same path as the original .apk.

The directories that have been input into the signapk.sh script for the jarsigner and zipalign executables are as follows:

/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/bin/jarsigner
/Users/epmspringfield/Library/Android/sdk/build-tools/23.0.0/zipalign

Those should be the default directories (with exception to the underlined and italicized variables that should be modified to match the version of Java, User Account, and Android version.) that will need to be modified in the signapk.sh script attached to this KB Article.


In order to qualify the script for use and execute it, the following commands need to be run from the Terminal in the directory where the script is located:

# chmod +x signapk.sh
# ./signapk.sh

Attachments

signapk.sh get_app
signapk.sh get_app